Analysis
- max time kernel: 145s
- max time network: 142s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 15/05/2024, 21:44
Tasks
- Static task: static1
- Behavioral task: behavioral1
  - Sample: 482c37fad56e1fc63f00db4ead559c9b_JaffaCakes118.html
  - Resource: win7-20240508-en
- Behavioral task: behavioral2
  - Sample: 482c37fad56e1fc63f00db4ead559c9b_JaffaCakes118.html
  - Resource: win10v2004-20240426-en
General
- Target: 482c37fad56e1fc63f00db4ead559c9b_JaffaCakes118.html
- Size: 35KB
- MD5: 482c37fad56e1fc63f00db4ead559c9b
- SHA1: 19f6ec896c77c4892a7aa5033d9e2d2af4ef5089
- SHA256: 7a787c49bf25b34b8a92f349dda29708e35d841c2dc7e37aa3f0623d06aa24fe
- SHA512: 1d9b7741737bdc752259aec5ef1267b3946b543119ce95f09f3397b3235e375fce281fdec0b89c9884a6989a426751bb3ea085655797072cccbc9ecc46badcee
- SSDEEP: 768:zwx/MDTHRJ88hAReZPXNE1XnXrFLxNLlDNoPqkPTHlnkM3Gr6TIZOf6sggf6lLRO:Q/nbJxNVNu0Sx/P85K
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (process: msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (process: msedge.exe)
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (process: msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  - PID 4612 msedge.exe (2 hits)
  - PID 3356 msedge.exe (2 hits)
  - PID 1888 identity_helper.exe (2 hits)
  - PID 3836 msedge.exe (4 hits)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  - PID 3356 msedge.exe (6 hits)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  - PID 3356 msedge.exe (25 hits)
- Suspicious use of SendNotifyMessage (24 IoCs)
  - PID 3356 msedge.exe (24 hits)
- Suspicious use of WriteProcessMemory (64 IoCs)
  - PID 3356 msedge.exe wrote to memory of PID 4952 (procid_target 83): 2 hits
  - PID 3356 msedge.exe wrote to memory of PID 3780 (procid_target 86): 40 hits
  - PID 3356 msedge.exe wrote to memory of PID 4612 (procid_target 87): 2 hits
  - PID 3356 msedge.exe wrote to memory of PID 3240 (procid_target 88): 20 hits
Processes
- PID 3356, msedge.exe (top level)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\482c37fad56e1fc63f00db4ead559c9b_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - PID 4952, msedge.exe (child of 3356)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb042146f8,0x7ffb04214708,0x7ffb04214718
  - PID 3780, msedge.exe (child of 3356)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,12460986673111550993,4632593332822623521,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  - PID 4612, msedge.exe (child of 3356)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,12460986673111550993,4632593332822623521,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 3240, msedge.exe (child of 3356)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,12460986673111550993,4632593332822623521,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  - PID 2104, msedge.exe (child of 3356)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12460986673111550993,4632593332822623521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  - PID 4308, msedge.exe (child of 3356)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12460986673111550993,4632593332822623521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  - PID 3844, msedge.exe (child of 3356)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12460986673111550993,4632593332822623521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  - PID 3900, msedge.exe (child of 3356)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12460986673111550993,4632593332822623521,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  - PID 4676, identity_helper.exe (child of 3356)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,12460986673111550993,4632593332822623521,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5800 /prefetch:8
  - PID 1888, identity_helper.exe (child of 3356)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,12460986673111550993,4632593332822623521,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5800 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 1788, msedge.exe (child of 3356)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12460986673111550993,4632593332822623521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  - PID 728, msedge.exe (child of 3356)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12460986673111550993,4632593332822623521,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  - PID 3836, msedge.exe (child of 3356)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,12460986673111550993,4632593332822623521,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- PID 4060, CompPkgSrv.exe (top level)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID 4336, CompPkgSrv.exe (top level)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads