Analysis
max time kernel: 145s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 15/05/2024, 15:17
Static task: static1
Behavioral task: behavioral1
  Sample: 46c36f04ffed15f1b7799b09846a4ad8_JaffaCakes118.html
  Resource: win7-20240508-en
Behavioral task: behavioral2 (the run reported below; its resource matches the Analysis platform)
  Sample: 46c36f04ffed15f1b7799b09846a4ad8_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
Target: 46c36f04ffed15f1b7799b09846a4ad8_JaffaCakes118.html
Size: 84KB
MD5: 46c36f04ffed15f1b7799b09846a4ad8
SHA1: 3122f1c8bc8f9d014bbfcb8c0dec3b9a9f1d1119
SHA256: 7a1bc1f4ef6a89cca6b0a639d6069bc4c1937fdf01d04066ee6d1b961d9cca24
SHA512: 2c1a12f644c9f462a8fea95dce61d445c8b6254e9edaec2330379594b58ca6390049983d5df016a522e0ac12a891bec3d6269d095d26585090e656b04f28cee1
SSDEEP: 1536:0cRSURkmBbM04uzS98ucuWeNmUl4Ln5e8dAj+N5fyRJ:0cYURkmBj4uzQcuWeNmUl4LwxJ
Malware Config
Signatures

- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                     process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      msedge.exe
  Caveat: SystemManufacturer and SystemProductName are the values VM-aware malware reads to fingerprint a sandbox, which is why this signature exists, but every reader here is the Edge browser process itself (PID 60), not a process spawned by the sample. On this evidence the lookups cannot be attributed to the HTML file.

- Suspicious behavior: EnumeratesProcesses (10 IoCs; repeated rows collapsed into counts)
  pid   process              rows
  4628  msedge.exe           2
  60    msedge.exe           2
  3940  identity_helper.exe  2
  2080  msedge.exe           4

- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid  process     rows
  60   msedge.exe  6
  Caveat: this is the process-creation mitigation that restricts a child to Microsoft-signed binaries (Code Integrity Guard); the browser applies it to its own child processes as a hardening measure, and the "suspicious" label is the sandbox's generic tag for the API usage.

- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid  process     rows
  60   msedge.exe  25

- Suspicious use of SendNotifyMessage (24 IoCs)
  pid  process     rows
  60   msedge.exe  24

- Suspicious use of WriteProcessMemory (64 IoCs)
  All 64 rows have the same source, PID 60 (msedge.exe, the browser process), writing into processes it created; the repeated rows are successive writes into the same child.
  source pid  target pid  process     procid_target
  60          3596        msedge.exe  83
  60          5092        msedge.exe  84
  60          4628        msedge.exe  85
  60          4492        msedge.exe  86
  Caveat: a parent writing into a child it has just created is expected from Chromium on Windows, where the browser process sets up each child's sandbox before the child runs. Every target here is an Edge process (see Processes); the signature would only be interesting if the target were a non-Edge binary.
Processes (indentation shows parent/child as recorded by the sandbox)

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, PID 60
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\46c36f04ffed15f1b7799b09846a4ad8_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  - msedge.exe (crashpad-handler), PID 3596
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8930846f8,0x7ff893084708,0x7ff893084718

  - msedge.exe (gpu-process), PID 5092
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,2119325704506581218,11821936371059368821,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2

  - msedge.exe (utility: network.mojom.NetworkService, --service-sandbox-type=none), PID 4628
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,2119325704506581218,11821936371059368821,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses

  - msedge.exe (utility: storage.mojom.StorageService), PID 4492
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,2119325704506581218,11821936371059368821,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8

  - msedge.exe (renderer, client id 6), PID 2580
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2119325704506581218,11821936371059368821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

  - msedge.exe (renderer, client id 5), PID 3240
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2119325704506581218,11821936371059368821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1

  - identity_helper.exe (utility: winrt_app_id.mojom.WinrtAppIdService, --service-sandbox-type=none), PID 4904
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,2119325704506581218,11821936371059368821,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5892 /prefetch:8

  - identity_helper.exe (same command line, second instance), PID 3940
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,2119325704506581218,11821936371059368821,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5892 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses

  - msedge.exe (renderer, client id 8), PID 4688
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2119325704506581218,11821936371059368821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1

  - msedge.exe (renderer, client id 9, --instant-process), PID 4832
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2119325704506581218,11821936371059368821,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1

  - msedge.exe (renderer, client id 10), PID 4468
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2119325704506581218,11821936371059368821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1

  - msedge.exe (renderer, client id 11, --instant-process), PID 2784
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2119325704506581218,11821936371059368821,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1

  - msedge.exe (gpu-process, --disable-gpu-sandbox), PID 2080
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,2119325704506581218,11821936371059368821,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses

- C:\Windows\System32\CompPkgSrv.exe, PID 1688
  C:\Windows\System32\CompPkgSrv.exe -Embedding

- C:\Windows\System32\CompPkgSrv.exe, PID 3644
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads (the report lists hashes only, no file names)

- 152B
  MD5: 1ac52e2503cc26baee4322f02f5b8d9c
  SHA1: 38e0cee911f5f2a24888a64780ffdf6fa72207c8
  SHA256: f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4
  SHA512: 7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

- 152B
  MD5: b2a1398f937474c51a48b347387ee36a
  SHA1: 922a8567f09e68a04233e84e5919043034635949
  SHA256: 2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6
  SHA512: 4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

- 1KB
  MD5: 82582039042da0425427828de858ca8d
  SHA1: 99664c3d3f35b1f0b955397c3af7dcb469d6c961
  SHA256: 70ad7ee8ef2d17bb6feb24cabefc6a8d5da41711a9b957a979271133129a6449
  SHA512: 2fd7abc4c26da668eb0209fbc693a9c569f7f44ae9cd40a423f5c3c79f894f1be4142dec29e51150a2b61610d79a745be15e9148bb5dd571c2c3f4a20a400d7c

- 111B
  MD5: 807419ca9a4734feaf8d8563a003b048
  SHA1: a723c7d60a65886ffa068711f1e900ccc85922a6
  SHA256: aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
  SHA512: f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

- 5KB
  MD5: ff67002d86827230579a2183605060df
  SHA1: 23deee0e98a6a2640926d55946ea8fd07d8dbe64
  SHA256: 0638b25c1e3258612ae63c997deb735bfee524649aa156e924fdfab32bb121f6
  SHA512: b4143331905bd16626197d3da32a2657df1ff197723c9f74d7e872b9445b553ee15832403607e1128b9f63ad071528040ccf374b4a9926875c760b062dfe8d06

- 6KB
  MD5: cd72e12224cf165f8bd79358b82f44e2
  SHA1: 39c45af10ee8a18b0e02d46516a17d3dfd89ef2a
  SHA256: e2145e3d9478b0d98362c36df4e96ee398653c8d8e449fc68e1ebe7ddc303403
  SHA512: 69b3e196c98cfb4d5e6ec60988f5c876d5f2ec718371504b2706582d98031127c3b2238541c89c55b3d1ebd5ec13c794ad27a2bb43cdf14b0a947e5cb13c3345

- 6KB
  MD5: a1054b1632e92cc00e4e97397a289eca
  SHA1: be52f5bf6e9fb9181f43dbf2f292f57b493cee9c
  SHA256: 547881083bfbeda7023c14e98019298991d091e6d84fb56877771d993d0eadae
  SHA512: 90cfb0696c1b73ea02d66ef0a786e37ebb5c5bc879ff094684f80bcae7c3aa7d3d58f05249266267f72f74437906e1b9af30fbeeb2c0754fe4e02725e0cf43d9

- 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

- 11KB
  MD5: 5af1918acb1a40a44f38758b5069336e
  SHA1: 6ab00d9403ea4cb8ab4a1f41b729ca2633539ee6
  SHA256: d87fb3971b433dad82464ec442a6e695886ceb9d8f59177d014964a1fe330d55
  SHA512: 86905e06ebbd38f15ba34b10d7564c1aa291e163833a9b70275ef07fc5f443165a71f33f1a79471f53bdb64df09970b090ca5da2b8c24c5778ca1f510f10e740