Analysis
- max time kernel: 145s
- max time network: 140s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 15/05/2024, 00:23
Static task: static1
Behavioral task: behavioral1
- Sample: 43c27ab47a35325d3a446f2efb12370a_JaffaCakes118.html
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 43c27ab47a35325d3a446f2efb12370a_JaffaCakes118.html
- Resource: win10v2004-20240426-en
General
- Target: 43c27ab47a35325d3a446f2efb12370a_JaffaCakes118.html
- Size: 12KB
- MD5: 43c27ab47a35325d3a446f2efb12370a
- SHA1: efded9fc7863959453f71680e16ae053bff396bb
- SHA256: ba477b1fb7063562f884811748041bec5c5e20dcee630890b0f109c31ebd9f18
- SHA512: 5959df88b00765f723c4869cc482733034010af45ad541dc0d6c77674637a7b2eb48e3b0d81d531284778dc285b306ccd8a8743c7adceb8f083191a8f88e4c66
- SSDEEP: 384:tJZiFokKf6jIBGUIrya8TjJqj1QJHJlJ9ZZQ2hZrLdpp1MAhXHQiVYg:DkOkdjIQFd8TjJqj1QJHJlJ9ZZQ2hZrH
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  1768 | msedge.exe (2 rows)
  4860 | msedge.exe (2 rows)
  1584 | identity_helper.exe (2 rows)
  3992 | msedge.exe (4 rows)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid | Process
  4860 | msedge.exe (6 identical rows)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  4860 | msedge.exe (25 identical rows)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  4860 | msedge.exe (24 identical rows)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 4860 wrote to memory of 3308 | 4860 | msedge.exe | 83 (2 rows)
  PID 4860 wrote to memory of 4704 | 4860 | msedge.exe | 84 (repeated rows)
  PID 4860 wrote to memory of 1768 | 4860 | msedge.exe | 85 (2 rows)
  PID 4860 wrote to memory of 1492 | 4860 | msedge.exe | 86 (repeated rows)
  (the 4704 and 1492 rows together account for the remaining 60 of the 64 IoCs)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\43c27ab47a35325d3a446f2efb12370a_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID: 4860
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdadfc46f8,0x7ffdadfc4708,0x7ffdadfc4718
    PID: 3308
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2284,12119198965318495771,11697469445416379775,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2292 /prefetch:2
    PID: 4704
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2284,12119198965318495771,11697469445416379775,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
    PID: 1768
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2284,12119198965318495771,11697469445416379775,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2508 /prefetch:8
    PID: 1492
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,12119198965318495771,11697469445416379775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
    PID: 2500
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,12119198965318495771,11697469445416379775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
    PID: 1180
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2284,12119198965318495771,11697469445416379775,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:8
    PID: 4896
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2284,12119198965318495771,11697469445416379775,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
    PID: 1584
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,12119198965318495771,11697469445416379775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:1
    PID: 4488
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,12119198965318495771,11697469445416379775,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
    PID: 2728
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,12119198965318495771,11697469445416379775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2568 /prefetch:1
    PID: 3668
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,12119198965318495771,11697469445416379775,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
    PID: 3476
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2284,12119198965318495771,11697469445416379775,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
    PID: 3992
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3104
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3236
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: c9c4c494f8fba32d95ba2125f00586a3
  SHA1: 8a600205528aef7953144f1cf6f7a5115e3611de
  SHA256: a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b
  SHA512: 9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d
- Filesize: 152B
  MD5: 4dc6fc5e708279a3310fe55d9c44743d
  SHA1: a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2
  SHA256: a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8
  SHA512: 5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13
- Filesize: 385B
  MD5: 4e68b590c55cfa05baef6f7c1861da6f
  SHA1: 386df7d0193077d2ff7b76121560cec88cfc7ba6
  SHA256: e2b6e2d584d768e1620f3e8edc60d63ebc5bcb43769a84c4da06936ab5aaa1ad
  SHA512: ef633d72fa4b6823053bc901f3a5a7c458d41360832e2439c96f6969ab996d4a0ab90df3e0c03b64b066c3115fa85b06d5ab16191878178478c353726e593ff2
- Filesize: 5KB
  MD5: 360e243fd32b912e81bc58bda6017c0e
  SHA1: 86bd7b0d28761a3bd5a2061c9e4142d7653659c1
  SHA256: 1c6d918681c6e89078fd0472f3eb25706ccf202366f07a071ae3daf84963d96f
  SHA512: 317f49f6751d5d12d6facbaaab9e645302e30027d1e49c4e4bcfb9fc32bce518f5964f22d439073ceb1ac30a93cc2a5759242a0d160b01a05a8719c62ba636fc
- Filesize: 6KB
  MD5: c91b02bfaf14961fd511152399013e7d
  SHA1: 67e96a5d5b35cbf18f359d0a2da06b7e624f3fcb
  SHA256: 797f2d1014369bc5459c91b73000698b10aa0f2d1f862a681bd34a6e1c9f1082
  SHA512: 5b2e251b0a68c79151ec73f252313d2ea589fe1978f90df2a56903ded21a55ac3f0142f964dc281a88cc64dff216d5ff096002318ac90101dc559a6e340b7377
- Filesize: 6KB
  MD5: 6f47f20039f60f09d6d641761dcc2c82
  SHA1: 6bb91b9dcbaf63cd3f7b779bc8ea2857b0f2a45c
  SHA256: a2cbb914add4b134aef61fe1a92428faa019f765a66537ff8dbf638e248a4ed0
  SHA512: a5bf4b0429c16e218c300a87c9d1097ecbbb22e87d0b8e2b16e6975d2d6f6d64788f1ebc7e160f860a161c3b356b6b4adf78f6ff822b0fb0ba51ab041d342c89
- Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
- Filesize: 16B
  MD5: 206702161f94c5cd39fadd03f4014d98
  SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
- Filesize: 11KB
  MD5: a74c0bb23d1b8417247987f5741536ab
  SHA1: af6294c5a63591aec4fe900b36da077fca1dae3e
  SHA256: 01636afca9ee30cf73390f3df8d03e41df511aac3e704b5f936cb4c7ffd92a56
  SHA512: 82296ae21a7dec6dea4f5f46942c16d42d757dd54bf41f98b8ca81baf4acfadf92ad98d0b8314ffa71d46cbbe0e41e7c304798092d759f24e54e1e3f2a87a339