Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 145s
max time network: 137s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 16/05/2024, 07:47
Static task: static1
Behavioral task: behavioral1
  Sample: 4a0ffacdbc518c767f78d25a6f8b9406_JaffaCakes118.html
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 4a0ffacdbc518c767f78d25a6f8b9406_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 4a0ffacdbc518c767f78d25a6f8b9406_JaffaCakes118.html
Size: 201KB
MD5: 4a0ffacdbc518c767f78d25a6f8b9406
SHA1: d4edaf3491e30dc05f5b7cb9396bca07974083db
SHA256: e8aaf15434a74b30ab21b6b8cba7b99141c52088ff9817bdab97fc0e3b92de26
SHA512: 67ef2855859ec51b2e4af6c6b42bd958f2642c752662f06f13bfc41f09bc6f7bdbc43900caea6522a94991e265b1481180c78819a1be70f078b2bf33477b41d1
SSDEEP: 1536:kaKc84E6hBrPZ/ybvWj3ItzX6EOMSHKgqwZXe5630XhGvM:dKfzX+Fa
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description       | ioc                                                                   | process
  Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  | msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid  | process             | count
  1256 | msedge.exe          | 2
  400  | msedge.exe          | 2
  4380 | identity_helper.exe | 2
  2496 | msedge.exe          | 4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid 400 msedge.exe, 7 occurrences

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid 400 msedge.exe, 25 occurrences

Suspicious use of SendNotifyMessage (24 IoCs)
  pid 400 msedge.exe, 24 occurrences

Suspicious use of WriteProcessMemory (64 IoCs)
  Each row is one "PID <writer> wrote to memory of <target>" record; identical rows are collapsed with a count. procid_target is tria.ge's per-report process index, not a Windows PID.
  writer pid | target pid | process    | procid_target | count
  400        | 1988       | msedge.exe | 83            | 2
  400        | 3276       | msedge.exe | 84            | 40
  400        | 1256       | msedge.exe | 85            | 2
  400        | 3732       | msedge.exe | 86            | 20
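The WriteProcessMemory table above is the one signature in this report that could indicate injection, and the way to read it is to collapse the repeated rows into writer-to-target edges and check each target against the process tree: every target here (1988, 3276, 1256, 3732) is a direct child of PID 400, which is the ordinary pattern of a parent writing start-up data into a child it has just created. The following script is an added example, not part of the tria.ge report or of tria.ge's own tooling; the WPM_TEXT and PROCESS_TREE values are constructed from the report, and the extra row targeting PID 9999 is hypothetical and exists only to exercise the cross-process branch.

```python
"""Collapse tria.ge 'Suspicious use of WriteProcessMemory' IoCs into parent->child edges.

Added example, not part of the sandbox report or of tria.ge. tria.ge prints that
signature as one flat run of records shaped
    PID <writer> wrote to memory of <target> <writer> <image> <procid_target>
and repeats one record per WriteProcessMemory call. This block collapses the repeats
and checks each edge against the report's process tree: a parent writing into a child
it has just created is ordinary start-up (Chromium does it for every child); a write
into a process that is not the writer's child is the pattern worth investigating.
"""
import re
from collections import Counter

# procid_target is tria.ge's per-report process index, not a Windows PID; it is captured
# only so that the pattern consumes the whole record.
WPM_RE = re.compile(
    r"PID (?P<writer>\d+) wrote to memory of (?P<target>\d+) "
    r"(?P=writer) (?P<image>\S+) (?P<procid>\d+)"
)


def collapse_wpm(text):
    """Return {(writer_pid, target_pid, image): count} for the flattened IoC text."""
    counts = Counter()
    for m in WPM_RE.finditer(text):
        counts[(int(m["writer"]), int(m["target"]), m["image"])] += 1
    return dict(counts)


def classify_edges(edges, parent_of):
    """Split edges into writes to the writer's own direct children and writes anywhere else.

    parent_of maps pid -> parent pid (None for a top-level process)."""
    own_children, cross_process = {}, {}
    for edge, n in edges.items():
        writer, target, _image = edge
        (own_children if parent_of.get(target) == writer else cross_process)[edge] = n
    return own_children, cross_process


# Constructed input. The first four record groups reproduce the 64 rows of the report
# (2 + 40 + 2 + 20); the fifth row, target 9999, is hypothetical and exists only to
# exercise the cross-process branch. It does not appear in the report.
WPM_TEXT = (
    "PID 400 wrote to memory of 1988 400 msedge.exe 83 " * 2
    + "PID 400 wrote to memory of 3276 400 msedge.exe 84 " * 40
    + "PID 400 wrote to memory of 1256 400 msedge.exe 85 " * 2
    + "PID 400 wrote to memory of 3732 400 msedge.exe 86 " * 20
    + "PID 400 wrote to memory of 9999 400 msedge.exe 99 "  # hypothetical row
)

# pid -> parent pid, transcribed from the Processes section of the report. The two
# CompPkgSrv.exe instances are listed at top level there, so their parent is None.
PROCESS_TREE = {
    400: None, 1988: 400, 3276: 400, 1256: 400, 3732: 400, 4972: 400, 3040: 400,
    4608: 400, 3624: 400, 4380: 400, 4516: 400, 3568: 400, 3800: 400, 1332: 400,
    2496: 400, 2440: None, 1456: None,
}


def summarize(text=WPM_TEXT, tree=PROCESS_TREE):
    """Collapse the rows and split them into own-child and cross-process edges."""
    edges = collapse_wpm(text)
    own, cross = classify_edges(edges, tree)
    return {"total_rows": sum(edges.values()), "own_children": own, "cross_process": cross}


if __name__ == "__main__":
    s = summarize()
    n_edges = len(s["own_children"]) + len(s["cross_process"])
    print(f"{s['total_rows']} rows collapse to {n_edges} edges")
    for (w, t, img), n in s["own_children"].items():
        print(f"  {w} -> {t} ({img}) x{n}: own child, normal process start-up")
    for (w, t, img), n in s["cross_process"].items():
        print(f"  {w} -> {t} ({img}) x{n}: target is not a child of the writer, investigate")
```

The tree check is what turns a noisy signature into a decision: with the report's own rows every edge lands in own_children, and only the constructed 9999 row is reported as cross-process. When reusing this on another report, build PROCESS_TREE from that report's process tree rather than from the WriteProcessMemory rows themselves, otherwise the check is circular.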
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 400, top level)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4a0ffacdbc518c767f78d25a6f8b9406_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1988, child of 400)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe40aa46f8,0x7ffe40aa4708,0x7ffe40aa4718

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3276, child of 400)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,1222516671208605706,4562659160477257747,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1256, child of 400)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,1222516671208605706,4562659160477257747,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3732, child of 400)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,1222516671208605706,4562659160477257747,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4972, child of 400)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1222516671208605706,4562659160477257747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3040, child of 400)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1222516671208605706,4562659160477257747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4608, child of 400)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1222516671208605706,4562659160477257747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3624, child of 400)
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,1222516671208605706,4562659160477257747,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4380, child of 400)
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,1222516671208605706,4562659160477257747,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4516, child of 400)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1222516671208605706,4562659160477257747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2280 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3568, child of 400)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1222516671208605706,4562659160477257747,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3800, child of 400)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1222516671208605706,4562659160477257747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1332, child of 400)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1222516671208605706,4562659160477257747,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2496, child of 400)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,1222516671208605706,4562659160477257747,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5012 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe (PID 2440, top level)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 1456, top level)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
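Every process in the tree above is an Edge child spawned by PID 400 (plus two COM-activated CompPkgSrv.exe instances), so the useful triage question is not "did the browser spawn processes" but "does any child have a role or a sandbox setting Edge would not give it itself". The script below is an added example, not code from tria.ge, Microsoft or the Chromium project: it splits each command line the way CommandLineToArgvW does, reads --type, --utility-sub-type and --service-sandbox-type, and flags a short, author-chosen list of switches that remove a sandbox or redirect traffic. The sample command lines are transcribed from this report (long opaque arguments such as --gpu-preferences dropped) plus one hypothetical line; the report itself shows the network service and identity_helper launched with --service-sandbox-type=none and the GPU process relaunched with --disable-gpu-sandbox --use-gl=disabled, which are Chromium's own launch parameters in this configuration, so the output is a cue for a manual look rather than a verdict.

```python
"""Summarize the role and sandbox posture of each Chromium/Edge child from its command line.

Added example, not code from tria.ge, Microsoft or the Chromium project. The command
lines in SAMPLE_CMDLINES are constructed from the Processes section of the report above
(opaque arguments dropped); the last one is hypothetical. WEAKENING is the author's own
list and is not exhaustive.
"""

# Roles msedge.exe spawns in ordinary operation; anything else deserves a manual look.
KNOWN_TYPES = {"crashpad-handler", "gpu-process", "utility", "renderer"}

# Switches that remove a sandbox or redirect the browser's traffic or code loading.
# Presence is a triage cue, not a verdict: Chromium relaunches the GPU process with
# --disable-gpu-sandbox itself when the sandboxed GPU process fails (PID 2496 above).
WEAKENING = {
    "--no-sandbox", "--disable-gpu-sandbox", "--disable-web-security",
    "--allow-running-insecure-content", "--ignore-certificate-errors",
    "--remote-debugging-port", "--proxy-server", "--load-extension", "--headless",
}


def split_windows_cmdline(cmdline):
    """Minimal CommandLineToArgvW-style split: whitespace separates arguments except inside
    double quotes, quotes are stripped, backslashes are left alone (they are path separators
    here, not escapes). Enough for Chromium command lines; not a full Windows parser."""
    args, cur, in_quotes, seen_quote = [], [], False, False
    for ch in cmdline:
        if ch == '"':
            in_quotes = not in_quotes
            seen_quote = True
        elif ch.isspace() and not in_quotes:
            if cur or seen_quote:
                args.append("".join(cur))
            cur, seen_quote = [], False
        else:
            cur.append(ch)
    if cur or seen_quote:
        args.append("".join(cur))
    return args


def triage(cmdline):
    """Return image, role, utility sub-type, service sandbox type and triage notes."""
    argv = split_windows_cmdline(cmdline)
    switches = {}
    for arg in argv[1:]:
        if arg.startswith("--"):
            key, _, value = arg.partition("=")
            switches[key] = value
    role = switches.get("--type", "browser")  # the browser (parent) process has no --type
    sandbox = switches.get("--service-sandbox-type", "")
    notes = []
    if role != "browser" and role not in KNOWN_TYPES:
        notes.append(f"unexpected --type={role}")
    if sandbox == "none":
        notes.append("service runs without a sandbox")
    weak = sorted(k for k in switches if k in WEAKENING)
    if weak:
        notes.append("sandbox-weakening switches: " + ", ".join(weak))
    return {"image": argv[0], "role": role, "sub_type": switches.get("--utility-sub-type", ""),
            "sandbox": sandbox, "notes": notes}


EDGE = r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"'
SAMPLE_CMDLINES = [
    # PID 400: the browser process as the sandbox launched it on the sample
    EDGE + r" --single-argument C:\Users\Admin\AppData\Local\Temp\4a0ffacdbc518c767f78d25a6f8b9406_JaffaCakes118.html",
    # PID 1988: crash handler (quoted argument with spaces)
    EDGE + r' --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7',
    # PID 1256: network service, launched by the browser without a service sandbox
    EDGE + " --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3",
    # PID 3732: storage service, sandboxed
    EDGE + " --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8",
    # PID 4972: a renderer
    EDGE + " --type=renderer --lang=en-US --disable-client-side-phishing-detection --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1",
    # PID 2496: the relaunched GPU process, Chromium's unsandboxed fallback
    EDGE + " --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --mojo-platform-channel-handle=5012 /prefetch:2",
    # Hypothetical, not in the report: a browser relaunched with its protections off
    EDGE + " --no-sandbox --disable-web-security --proxy-server=127.0.0.1:8080 https://example.invalid/",
]


def triage_all(cmdlines=SAMPLE_CMDLINES):
    return [triage(c) for c in cmdlines]


if __name__ == "__main__":
    for row in triage_all():
        label = row["role"] + (f" ({row['sub_type']})" if row["sub_type"] else "")
        print(f"{label:50} sandbox={row['sandbox'] or '-':8} {'; '.join(row['notes']) or 'ok'}")
```

Run against the report's own command lines the script produces two cues (the unsandboxed network service and the GPU fallback) and nothing for the renderers, which is what a clean Edge launch looks like; the constructed last line shows what a browser started by something other than the user tends to carry. Extend WEAKENING for your own environment rather than treating the list as complete.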
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 152B
  MD5: a8e767fd33edd97d306efb6905f93252
  SHA1: a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
  SHA256: c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
  SHA512: 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

- Filesize: 152B
  MD5: 439b5e04ca18c7fb02cf406e6eb24167
  SHA1: e0c5bb6216903934726e3570b7d63295b9d28987
  SHA256: 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
  SHA512: d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

- Filesize: 255B
  MD5: 6216a07695629959bd035d0fbbce1706
  SHA1: 1b4849422fd2d05b90c95b79af525ff7bdff2f9b
  SHA256: d5f4ff7858e246040cb1f2e5b11eb2310a483a398a7e361936b02457a00b0702
  SHA512: 0e46fc6091473e812a6b084ae2960e5721a69c6a7fbb32807ea4db735292b0de4cfb0c047593874fd0f07b56b89efa288596747d9978e3f625bcd39297e0b41b

- Filesize: 5KB
  MD5: 7b2aaecf0db6e5808edb8b4c4502fa84
  SHA1: d7f5c8d53dd5c382ea83af54e81253dbc341855e
  SHA256: 641ca2ffa4ca076a8006113f54cd717edccff0104ed7786bca3f2a3aeba9269b
  SHA512: 1e1f4f3cf301f9daf1e6eb544632cd167e3ee7b1f79cb099b9b00d1dac2999bf1bee39ec7db597342ca9ade42ba002099663e30cfda022575642b6c47bbb232f

- Filesize: 6KB
  MD5: 5a0bdb89f2923d94df56ad66becc7e00
  SHA1: d69ffb0b632d4f0d4cd0bcaccc32ceee18b5d0fa
  SHA256: b09eb04403e0de4d7cac5c80bf9a7c8e9609a280887e74ebeb82f176c11e4a34
  SHA512: e3daab399af17cc7042c8bcf474b8ee93427230d6d73cb20577a7a31dbbb908ccddcfd5e032b1e2444622eb0ddc10722104ffd98eb93020438f7baa1105d8739

- Filesize: 6KB
  MD5: 4212178f2cc59a9fcca5e000fe79ff82
  SHA1: 8365cf0dd7cab53fc24772b5cbba5031f8aaed45
  SHA256: 225d05dee49edb721fbb821b60984c68bb96910a58a9ceb8b3c431cc8529ed93
  SHA512: 9f6260453ac81ab8f222ddf070c8392cd69b263a9c4da4f6e4c761967b8889744f71545025a262463223c6bd1a4ae6cc21346ba86c854a1b306331545c6590c2

- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

- Filesize: 11KB
  MD5: e4a75c53320cf8ff73924d9cc595c0c4
  SHA1: 2adc83df5e63b856a7d1e471138171ada58f31e9
  SHA256: 137ada0d150e5610aa6484dac8a9ef051b023208270c9bf3810f0113706f8526
  SHA512: 931bcadc0edb87f6bcf8714546e8b0bf4af8c68a281a1916d8a3e7baa855e6077257c07e63b6062773fda87f2f66a2a4408bbcef128801d2ffa954c1e8b5ed8b