Analysis
- max time kernel: 145s
- max time network: 140s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 14/05/2024, 11:34
Static task: static1
Behavioral task: behavioral1
- Sample: 415850da8a4e574d43ea91154c67ca68_JaffaCakes118.html
- Resource: win7-20240220-en
Behavioral task: behavioral2
- Sample: 415850da8a4e574d43ea91154c67ca68_JaffaCakes118.html
- Resource: win10v2004-20240508-en
General
- Target: 415850da8a4e574d43ea91154c67ca68_JaffaCakes118.html
- Size: 194KB
- MD5: 415850da8a4e574d43ea91154c67ca68
- SHA1: 93497c80bd4b1679e0342910b530316b5eb6433b
- SHA256: 5174c28263425d940e1b0513dcda1044fe3f1e96e7bc88098d8b71b2942036a9
- SHA512: c6fb9d3b6e82781f43b1dc597fc3dd3ef887fb3ff7ad2e8a8725cfce8db941e1cdfba8935df0ecc3bb7af2fa1dce17368c81846392cfdcc8ac4c9fe5c4b7e0aa
- SSDEEP: 1536:mxcPHQsb59sWa0m0km7U3d3dyV4S+f97aEhUX8L8CRwBEuUn:T59sWaA3Vn+f97aEhUX8L8CRwBEuUn
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  2680 | msedge.exe (2 entries)
  2924 | msedge.exe (2 entries)
  2340 | identity_helper.exe (2 entries)
  4800 | msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid | Process
  2924 | msedge.exe (6 identical entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  2924 | msedge.exe (25 identical entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  2924 | msedge.exe (24 identical entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 2924 wrote to memory of 4300 | 2924 | msedge.exe | 82 (2 entries)
  PID 2924 wrote to memory of 1964 | 2924 | msedge.exe | 83 (repeated)
  PID 2924 wrote to memory of 2680 | 2924 | msedge.exe | 84 (2 entries)
  PID 2924 wrote to memory of 4788 | 2924 | msedge.exe | 85 (repeated)
  64 entries in total; the rows targeting PIDs 1964 and 4788 account for the remaining 60.
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 1, PID 2924)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\415850da8a4e574d43ea91154c67ca68_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes (depth 2):
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4300)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff091646f8,0x7fff09164708,0x7fff09164718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1964)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,17994273195277125816,8509777245191678318,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2680)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,17994273195277125816,8509777245191678318,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4788)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,17994273195277125816,8509777245191678318,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2332)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17994273195277125816,8509777245191678318,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3224)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17994273195277125816,8509777245191678318,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3568)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,17994273195277125816,8509777245191678318,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2340)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,17994273195277125816,8509777245191678318,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4508)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17994273195277125816,8509777245191678318,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2036)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17994273195277125816,8509777245191678318,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4736)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17994273195277125816,8509777245191678318,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3404)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17994273195277125816,8509777245191678318,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4800)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,17994273195277125816,8509777245191678318,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (depth 1, PID 3392)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (depth 1, PID 3204)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads