Analysis
max time kernel: 149s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 16/05/2024, 07:58
Static task: static1

Behavioral task: behavioral1
  Sample: 4a1a7b41324d22a829d1da6f342eb37b_JaffaCakes118.html
  Resource: win7-20231129-en

Behavioral task: behavioral2
  Sample: 4a1a7b41324d22a829d1da6f342eb37b_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
Target: 4a1a7b41324d22a829d1da6f342eb37b_JaffaCakes118.html
Size: 41KB
MD5: 4a1a7b41324d22a829d1da6f342eb37b
SHA1: 4c357f595e35f1b36b0cf8721c003d3c73f7fa35
SHA256: 05c0f81669e569cf9c46849fa2724ede254bb6357cee97f8f8d98042f327a232
SHA512: df8f5042d333cee910b9e09ed47c924873baa952c0a10457ae915d25c6e86b2c8fdb1eef7d6662f2dd1645b41ea5cc5b2242cf88412bd91ec8cc9851b928159d
SSDEEP: 768:+P45mWdXsLGmwHKDCBju8BI3kKITmym6jskuA0vzKaAsQhs1LW3k:+POemu8BI3kKIiym6jskuA0vzKaAsQho
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe

Suspicious behavior: EnumeratesProcesses (6 IoCs)
  pid | Process
  4464 | msedge.exe
  4464 | msedge.exe
  2876 | msedge.exe
  2876 | msedge.exe
  1916 | identity_helper.exe
  1916 | identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
  pid | Process
  2876 | msedge.exe (8 identical entries)

Suspicious use of FindShellTrayWindow (26 IoCs)
  pid | Process
  2876 | msedge.exe (26 identical entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  2876 | msedge.exe (24 identical entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 2876 wrote to memory of 2324 | 2876 | msedge.exe | 82 (2 entries)
  PID 2876 wrote to memory of 996 | 2876 | msedge.exe | 83 (repeated)
  PID 2876 wrote to memory of 4464 | 2876 | msedge.exe | 84 (2 entries)
  PID 2876 wrote to memory of 1436 | 2876 | msedge.exe | 85 (repeated)
  (64 rows in total; identical rows collapsed above)
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2876)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4a1a7b41324d22a829d1da6f342eb37b_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2324, child of 2876)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc113e46f8,0x7ffc113e4708,0x7ffc113e4718

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 996, child of 2876)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,14490526193718554174,6208608026539798890,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4464, child of 2876)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,14490526193718554174,6208608026539798890,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1436, child of 2876)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,14490526193718554174,6208608026539798890,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4192, child of 2876)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14490526193718554174,6208608026539798890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1184, child of 2876)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14490526193718554174,6208608026539798890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 684, child of 2876)
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,14490526193718554174,6208608026539798890,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1916, child of 2876)
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,14490526193718554174,6208608026539798890,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4264, child of 2876)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14490526193718554174,6208608026539798890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4480, child of 2876)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14490526193718554174,6208608026539798890,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 544, child of 2876)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14490526193718554174,6208608026539798890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3748, child of 2876)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14490526193718554174,6208608026539798890,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4840, child of 2876)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14490526193718554174,6208608026539798890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1168, child of 2876)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14490526193718554174,6208608026539798890,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1260 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe (PID 1520)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 4652)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 152B
MD5: 2daa93382bba07cbc40af372d30ec576
SHA1: c5e709dc3e2e4df2ff841fbde3e30170e7428a94
SHA256: 1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30
SHA512: 65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Filesize: 152B
MD5: ecdc2754d7d2ae862272153aa9b9ca6e
SHA1: c19bed1c6e1c998b9fa93298639ad7961339147d
SHA256: a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7
SHA512: cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Filesize: 309B
MD5: 5a991e0697cafdc8c0e77897817d9fc2
SHA1: 5957bdb8b5d701cc71e3c5e0b4608c6f1a356b1e
SHA256: 5a8907e483e5c2e2090162a7031c06310971b76121a9d688170437c4b35d5e1f
SHA512: 6c779fbedfcd569f2f3c0d2312c4feb919f207d0b8180aa0782b4a91b8bae97523fd42dde1c0b152564c399d04d5ce11e1a9a1d8ae97625935a1ffe52ec30fee

Filesize: 5KB
MD5: d3817db6dd99322dc56c235fcbc6024d
SHA1: 7b2eea24c252f1e15c6c5d4982000688af0d6acf
SHA256: 81066dc2ca64ce5aa89eeb9ed962f060d827f5106f79965595dbf8060203bbd8
SHA512: 58cd0ce9349c4b6bbba6228fd6e9800707e2e56436f95c72ff2a9720dbeebbba351072df13180c63afce8d9b3bc93ada8b5591e335fce93ab36b281d1dc82757

Filesize: 6KB
MD5: 881d6f00eb3cfff269293d79cefcadca
SHA1: 5a57d814075c4d28870386e11f3ad5e36ac27e92
SHA256: 5dd60925be4b4a9d00e6d6041df8363f913a3a236ee8fa9b2dce115f9964904b
SHA512: 821d8141195d7ef8318f5bf0debb8c3fc94bb74f45361502871121fefbee056ae03334d290c7120026529ff753a6ac732057d7b52bdf93eca9b71078db82549a

Filesize: 6KB
MD5: 980e9788ba0e25cf53cf410ff03fba5b
SHA1: 676ec865ddab313781acf2f6b1c7673c2e1edc00
SHA256: f3c465c55077a8266b528f7816f56805057f71b04cd76d27a3fb509977a88b06
SHA512: dc04c9e9caec9554d873e4e959e46c45bacbf5909fb6c128c5902d694fa0b1953d1a03522455afac0a30cb0ae130e879acbf80c6d5715748708c4d9015c71f78

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 11KB
MD5: 58bfd8d15215629a6c4b498c691e8b7a
SHA1: 12f3da110d80c68090a4788ad26f3ca24da53488
SHA256: 078d3c6982c08f5d4d56a79191a0b6d57a5e324294e4155a8c67f8ed22acb2e0
SHA512: 82eab4dc5ac363b71ebdb033f9c85728238dba87d92dc8e63eed68f5487df51f0977f0d5146dafd6ad805c0488066a5bbe2b942aef92e09fe8d45fc07dbd63a5

Filesize: 12KB
MD5: 8013206bbb4ae8ce004f230002670a79
SHA1: 598eae0868727b8b6552fb9a796fc1d0273e52f4
SHA256: d3fd3ab5e35b3c0be4ba905cfa0fa547322de086852120680494b06c2ae0e8d5
SHA512: 6f088db737f2b0d35dcdb9410eebff24d847e9f67ac2259e87b10de755c80de4cc72c8d558fda3bb3c9c3184e21888a93c52db6d4e0a00031292e6629f8483f8