Analysis
- max time kernel: 145s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 14/05/2024, 06:34
Static task: static1

Behavioral task: behavioral1
- Sample: 408996f8c47b1add1beebb508ec82719_JaffaCakes118.html
- Resource: win7-20240221-en

Behavioral task: behavioral2
- Sample: 408996f8c47b1add1beebb508ec82719_JaffaCakes118.html
- Resource: win10v2004-20240426-en

The analysis details on this page (platform windows10-2004_x64, resource win10v2004-20240426-en) are those of behavioral2.
General
- Target: 408996f8c47b1add1beebb508ec82719_JaffaCakes118.html
- Size: 23KB
- MD5: 408996f8c47b1add1beebb508ec82719
- SHA1: e4848ae80ff0ad8b597f4d3a956c63492592d290
- SHA256: 9fbd1294b11531982120935400852b8624fb3a9977a59e544f5689f0c3cae81c
- SHA512: 725c20ec595b3053fa267e9e59373777c338e6914fb8a78b5cb136415e1cd870a57c03d2cff16af034b1e838fedc52a2796e9e12850f27443544600508e13225
- SSDEEP: 384:a1KTdy5UAbVSNwukJX4JllPXqxvLmZLAojEplWZqfk4KHw2:a1H5UAb8N0JX4J/Cx6LNjELeqW
Malware Config: none listed in this report.

Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                    Process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid    Process                rows
  2972   msedge.exe             2
  5072   msedge.exe             2
  3804   identity_helper.exe    2
  3340   msedge.exe             4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
  pid    Process       rows
  5072   msedge.exe    8

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid    Process       rows
  5072   msedge.exe    25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid    Process       rows
  5072   msedge.exe    24

Suspicious use of WriteProcessMemory (64 IoCs)
  description                 pid    Process       procid_target
  PID 5072 wrote to memory of 712    5072 msedge.exe    82
  PID 5072 wrote to memory of 6008   5072 msedge.exe    83
  PID 5072 wrote to memory of 2972   5072 msedge.exe    84
  PID 5072 wrote to memory of 5828   5072 msedge.exe    85
  (procid_target is the sandbox's index for the target process, not its PID. The 712 and 2972 rows each appear twice; the 6008 and 5828 rows are repeated many times and make up the rest of the 64 listed.)

Reading the signatures: every hit is attributed to the browser's own processes, msedge.exe (PID 5072 and its children) and identity_helper.exe. The WriteProcessMemory rows are all PID 5072 writing into its own children 712, 6008, 2972 and 5828, which the process tree below shows to be the crashpad handler, GPU process, network service and storage service that the same msedge.exe started; no target lies outside the Edge process tree. The NtCreateUserProcessBlockNonMicrosoftBinary hits are consistent with the browser launching its child processes with the block-non-Microsoft-binaries mitigation policy, and the BIOS registry reads are made by msedge.exe itself, not by anything spawned from the HTML. On their own these signatures describe a Chromium-based browser opening a page. This extract of the report lists no Malware Config, no entries under Network, and no dropped file outside Edge's own User Data directory.
Processes

PID 5072  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (browser process)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\408996f8c47b1add1beebb508ec82719_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  PID 712  msedge.exe  (crashpad-handler)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff427246f8,0x7fff42724708,0x7fff42724718

  PID 6008  msedge.exe  (gpu-process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,11694934641217123253,2488779023970318612,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2

  PID 2972  msedge.exe  (utility: network.mojom.NetworkService, --service-sandbox-type=none)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1992,11694934641217123253,2488779023970318612,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses

  PID 5828  msedge.exe  (utility: storage.mojom.StorageService)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1992,11694934641217123253,2488779023970318612,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8

  PID 4944  msedge.exe  (renderer, client id 6)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11694934641217123253,2488779023970318612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

  PID 5680  msedge.exe  (renderer, client id 5)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11694934641217123253,2488779023970318612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1

  PID 2108  msedge.exe  (renderer, client id 7)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11694934641217123253,2488779023970318612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2060 /prefetch:1

  PID 4080  msedge.exe  (renderer, client id 8)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11694934641217123253,2488779023970318612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1

  PID 4608  identity_helper.exe  (utility: winrt_app_id.mojom.WinrtAppIdService, --service-sandbox-type=none)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,11694934641217123253,2488779023970318612,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5808 /prefetch:8

  PID 3804  identity_helper.exe  (utility: winrt_app_id.mojom.WinrtAppIdService, --service-sandbox-type=none; same command line as PID 4608)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,11694934641217123253,2488779023970318612,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5808 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses

  PID 456  msedge.exe  (renderer, client id 10)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11694934641217123253,2488779023970318612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1

  PID 5808  msedge.exe  (renderer, client id 11, --instant-process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11694934641217123253,2488779023970318612,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1

  PID 4764  msedge.exe  (renderer, client id 12)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11694934641217123253,2488779023970318612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1

  PID 3288  msedge.exe  (renderer, client id 13, --instant-process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11694934641217123253,2488779023970318612,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1

  PID 3340  msedge.exe  (second gpu-process, started with --disable-gpu-sandbox --use-gl=disabled)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,11694934641217123253,2488779023970318612,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5568 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses

PID 2624  C:\Windows\System32\CompPkgSrv.exe  (COM-activated, no parent shown)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 3748  C:\Windows\System32\CompPkgSrv.exe  (COM-activated, no parent shown)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
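A check a detection engineer would run over the WriteProcessMemory rows and the process tree above, added here as an example (it is not part of the Triage report or of Triage's own tooling): rebuild the tree from the Processes section, parse the flattened "PID x wrote to memory of y" rows, and separate writes that stay inside the writer's own process tree from writes whose target is unknown or belongs to another tree. The image paths, PIDs and the first four rows are taken from this report; the final row (target PID 1234, index 99) and the list of trusted install directories are constructed assumptions, included so the flagged case is visible.

```python
"""Audit the cross-process writes Triage flags in a Chromium/Edge sandbox run.

Constructed example for this report: the process tree and the first rows of
the WriteProcessMemory table are copied from the page; one extra row is made
up to show what a write leaving the browser's own tree looks like.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str
    parent: Optional[int]  # None marks a tree root


# Image paths seen in the Processes section of the report.
EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
HELPER = r"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"
COMPPKG = r"C:\Windows\System32\CompPkgSrv.exe"

# Process tree reconstructed from the report: one browser process (5072) with
# its children, plus two COM-activated CompPkgSrv.exe instances with no parent shown.
REPORT_TREE = [
    Proc(5072, EDGE, None),
    *[Proc(p, EDGE, 5072) for p in (712, 6008, 2972, 5828, 4944, 5680, 2108,
                                    4080, 456, 5808, 4764, 3288, 3340)],
    Proc(4608, HELPER, 5072),
    Proc(3804, HELPER, 5072),
    Proc(2624, COMPPKG, None),
    Proc(3748, COMPPKG, None),
]

# Assumption for this example: directories the browser and its helpers are
# expected to run from on this image (compared case-insensitively).
TRUSTED_PREFIXES = (
    "c:\\program files (x86)\\microsoft\\edge\\application\\",
    "c:\\windows\\system32\\",
)

# Triage flattens each WriteProcessMemory row to
# "PID <src> wrote to memory of <dst> <src> <image> <target index>".
ROW_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \1 (\S+) (\d+)")

# Four rows copied from the report, plus one CONSTRUCTED row (target 1234,
# index 99) that does not appear in the report.
SAMPLE_ROWS = (
    "PID 5072 wrote to memory of 712 5072 msedge.exe 82 "
    "PID 5072 wrote to memory of 712 5072 msedge.exe 82 "
    "PID 5072 wrote to memory of 6008 5072 msedge.exe 83 "
    "PID 5072 wrote to memory of 2972 5072 msedge.exe 84 "
    "PID 5072 wrote to memory of 1234 5072 msedge.exe 99"
)


def parse_rows(text: str):
    """Return (src_pid, dst_pid, src_image, target_index) tuples from the flattened table."""
    return [(int(s), int(d), img, int(i)) for s, d, img, i in ROW_RE.findall(text)]


def build_index(procs):
    return {p.pid: p for p in procs}


def root_of(index, pid: int) -> Optional[int]:
    """Follow parent links to the root of pid's tree; None if pid is unknown."""
    seen = set()
    while pid in index and pid not in seen:
        seen.add(pid)
        parent = index[pid].parent
        if parent is None:
            return pid
        pid = parent
    return None


def audit_writes(procs, rows):
    """Split writes into those staying inside the writer's own process tree
    and those whose target is unknown or belongs to a different tree."""
    index = build_index(procs)
    in_tree = Counter()
    escaped = []
    for src, dst, _image, target_index in rows:
        src_root = root_of(index, src)
        if src_root is not None and root_of(index, dst) == src_root:
            in_tree[(src, dst, index[dst].image.rsplit("\\", 1)[-1])] += 1
        else:
            escaped.append((src, dst, target_index))
    return {"in_tree": in_tree, "escaped": escaped}


def images_outside(procs, prefixes=TRUSTED_PREFIXES):
    """PIDs whose image path is not under any trusted directory."""
    return [p.pid for p in procs if not p.image.lower().startswith(prefixes)]


if __name__ == "__main__":
    report = audit_writes(REPORT_TREE, parse_rows(SAMPLE_ROWS))
    for key, n in report["in_tree"].items():
        print("inside browser tree:", key, "x%d" % n)
    for row in report["escaped"]:
        print("left the tree, investigate:", row)
    print("images outside trusted dirs:", images_outside(REPORT_TREE))
```

For the rows actually in the report every write lands on a child of PID 5072 and every image sits under the Edge install directory or System32, so the audit returns an empty "escaped" list; only the constructed 1234 row is flagged. The same two checks are what turn a Chromium run's routine WriteProcessMemory and process-creation hits into a real finding: a target PID that is not in the browser's tree, or an image loaded from somewhere other than the browser's own directory.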
Network
MITRE ATT&CK Enterprise v15
Downloads

- (path not shown)
  Filesize: 152B
  MD5: ae54e9db2e89f2c54da8cc0bfcbd26bd
  SHA1: a88af6c673609ecbc51a1a60dfbc8577830d2b5d
  SHA256: 5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af
  SHA512: e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

- (path not shown)
  Filesize: 152B
  MD5: f53207a5ca2ef5c7e976cbb3cb26d870
  SHA1: 49a8cc44f53da77bb3dfb36fc7676ed54675db43
  SHA256: 19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23
  SHA512: be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\126e26a6-07e6-4653-b8ff-f84ed0350795.tmp
  Filesize: 6KB
  MD5: bcb5376a6b43d8ba3272ab401be4a2df
  SHA1: fe42c18117e7458f2176d5deb7c0b4ffde7b55ee
  SHA256: 03270bdb320d939a079bc63fa0b4127938349d1598819d0592444b3bf6109b93
  SHA512: 222ddd6d698920f6b597e98121d30dc8644e3dfdc461378bec834dbcbf70edee625f48a6a96762108b1e406fef56a3ca6fd012bb38b52dd12744bb9f72fafbdb

- (path not shown)
  Filesize: 531B
  MD5: fab4b552ecbdb9cfb4f83a2dd25ef623
  SHA1: 482547de1f1f615f5753abb52024234d2dd1ce9f
  SHA256: 72bb64c36f1a7e8ffe52740c5ea816bd4cfb14489be7073defe117e477c80c1a
  SHA512: 94ea9edf08e759d8a4020dc348ed4becbea441211441bddc8ec83864320ed78840c1e84347ca38244d4873a9491ab23828b4340b6eaaedab11094dd1675f5b0d

- (path not shown)
  Filesize: 5KB
  MD5: 89e417005024f5f44341d1c4d66e8ff7
  SHA1: a1dc9e637dcea0f192b64af3111e769615195c9c
  SHA256: 83f9136c1aba1e00398e359c940b4cc1cc3c59fa1e984c64a8a9895d9875e41d
  SHA512: f5714b63a81442077294a0e4b2640f96f8a0643b67842236655db6259bc3f7a2ca8f0b3b4f422098eb463738fe7977167c2426d0d9da6928beea422e6844294a

- (path not shown)
  Filesize: 6KB
  MD5: 829a254fe9bb48d1a699cd0ea516bb8f
  SHA1: 07dcf0b9afb97ef55e2e4fb115794a1813ab7685
  SHA256: a83a6b18866f039a341b91fbd7f3232d6a91eaf23998029314453842edb87953
  SHA512: a312d0feb8c20bc54f5ca5943d79e4e38def8952b0115ad9566836792b4a1dbb517890e3dfb3aa02104c96d81777a9cd46b5aa81ee6e97ef4816867e6dfe2b73

- (path not shown)
  Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

- (path not shown)
  Filesize: 11KB
  MD5: 7d6f1ad6f01dab1d3df8f8579be461e8
  SHA1: bfd9d21f2cbb07a83481cc798411464806f8da40
  SHA256: 6413867e8d6aa3ce3c4dae4ead2ef581dc6bd95eb5f202ae1cfc5116854bcf5f
  SHA512: f02b23d09216838348a5724742eabeed856c6d1f27be4ed5f2afc2622fc32d393822650c1e5e733dda45c978cf22e915d902a1eade2fc20746fb0e3980961492