Analysis
max time kernel: 145s
max time network: 141s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 16/05/2024, 08:00
Static task: static1
Behavioral task: behavioral1
  Sample: 4a1cefe59359c7000582013448336e8b_JaffaCakes118.html
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: 4a1cefe59359c7000582013448336e8b_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 4a1cefe59359c7000582013448336e8b_JaffaCakes118.html
Size: 94KB
MD5: 4a1cefe59359c7000582013448336e8b
SHA1: 42bbafee612d5cb885178d498b401c9bcc102e1e
SHA256: a3c96dc5924ac3999cf72a599b62652b523093346aa8d96dda9ef49b29914449
SHA512: b923f84195fc39d18a984dc91f0296b9c65e522e24826c7b4476b958bc23d7b8a60861d2b39698d101aa03c2c983537f9348b06ee86e29ef50ec3cdc3df52b8d
SSDEEP: 1536:WMLiNcoSFLdf/OpG7LtjA/FHr/LYn/PB3yiZbqoBdkrY8mgHC+qpEyW:WAiaDLBdkrY8mgHC+qpEyW
Malware Config: none extracted for this sample (the section is empty in this report).
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                    Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Note that the querying process is msedge.exe, not code running from the HTML sample: Chromium reads these two BIOS values itself when it collects hardware information, so any page opened in Edge produces the same three IoCs. The keys are the same ones VM-detection routines check (manufacturer and product strings identify VMware, VirtualBox and similar), which is why the signature exists; here it is browser baseline, not sample behaviour.
Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid   Process
2964  msedge.exe (x2)
2492  msedge.exe (x2)
4380  identity_helper.exe (x2)
4364  msedge.exe (x4)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid   Process
2492  msedge.exe (x6)
All six records come from the browser process creating its children; this is the browser applying a process-creation mitigation to child processes, a hardening measure rather than an indicator on its own.

Suspicious use of FindShellTrayWindow (25 IoCs)
pid   Process
2492  msedge.exe (x25)

Suspicious use of SendNotifyMessage (24 IoCs)
pid   Process
2492  msedge.exe (x24)
Both of the above are window-message activity from the browser process (PID 2492), ordinary for a GUI application.
Suspicious use of WriteProcessMemory (64 IoCs)
description                              pid   Process     procid_target
PID 2492 wrote to memory of 1492 (x2)    2492  msedge.exe  85
PID 2492 wrote to memory of 992          2492  msedge.exe  86
PID 2492 wrote to memory of 2964 (x2)    2492  msedge.exe  87
PID 2492 wrote to memory of 3260         2492  msedge.exe  88
The 64 records collapse to four distinct source/target pairs; the writes into 992 and 3260 account for the remaining 60 records. In every record the writer is 2492 (the browser process) and the target is one of its own children (1492 crashpad handler, 992 GPU process, 2964 network service, 3260 storage service). Chromium's sandbox broker writes into each child it launches before that child starts running, so this pattern is expected for Edge and carries no weight by itself. It would matter if a target PID were not a process the browser had just created.
Processes

PID 2492: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4a1cefe59359c7000582013448336e8b_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  PID 1492: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbaf3846f8,0x7ffbaf384708,0x7ffbaf384718

  PID 992: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,9517850767718291393,11905968076546242988,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2

  PID 2964: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,9517850767718291393,11905968076546242988,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  PID 3260: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,9517850767718291393,11905968076546242988,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2480 /prefetch:8

  PID 1140: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9517850767718291393,11905968076546242988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3128 /prefetch:1

  PID 4456: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9517850767718291393,11905968076546242988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1

  PID 3984: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,9517850767718291393,11905968076546242988,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8

  PID 4380: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,9517850767718291393,11905968076546242988,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  PID 4388: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9517850767718291393,11905968076546242988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1

  PID 4376: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9517850767718291393,11905968076546242988,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1

  PID 4544: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9517850767718291393,11905968076546242988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1

  PID 4724: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9517850767718291393,11905968076546242988,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1

  PID 4364: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,9517850767718291393,11905968076546242988,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

PID 2096: C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 5024: C:\Windows\System32\CompPkgSrv.exe -Embedding
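The process list above is long but carries a small amount of security-relevant information: which Chromium children run with no sandbox (`--service-sandbox-type=none`, `--disable-gpu-sandbox`) and whether the WriteProcessMemory signature is just the browser process writing into children it created. The following Python helper is an added example, not tria.ge code; its input is constructed by copying and abbreviating this report's command lines and WriteProcessMemory records (the `--gpu-preferences` blob and `--field-trial-handle` values are dropped, and only one record per distinct write target is kept). The switch interpretation and the sandbox-posture labels are this example's own.

```python
"""Triage helper for a Chromium/Edge process tree from a sandbox report.

Added example, not tria.ge code. PROCESSES and WRITE_RECORDS are constructed
by abbreviating this report's process list and WriteProcessMemory table.
"""
import re
from collections import Counter

EDGE = r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"'
HELPER = r'"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"'

# (pid, command line), abbreviated from the report's "Processes" section
PROCESSES = [
    (2492, EDGE + r' --single-argument C:\Users\Admin\AppData\Local\Temp\4a1cefe59359c7000582013448336e8b_JaffaCakes118.html'),
    (1492, EDGE + r' --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7'),
    (992,  EDGE + ' --type=gpu-process --mojo-platform-channel-handle=2212 /prefetch:2'),
    (2964, EDGE + ' --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3'),
    (3260, EDGE + ' --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2480 /prefetch:8'),
    (1140, EDGE + ' --type=renderer --lang=en-US --disable-client-side-phishing-detection --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3128 /prefetch:1'),
    (4380, HELPER + ' --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8'),
    (4364, EDGE + ' --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-driver-version=10.0.19041.546 --mojo-platform-channel-handle=2120 /prefetch:2'),
]

# Constructed excerpt of the WriteProcessMemory table (the page has 64 records)
WRITE_RECORDS = (
    "PID 2492 wrote to memory of 1492 2492 msedge.exe 85 "
    "PID 2492 wrote to memory of 992 2492 msedge.exe 86 "
    "PID 2492 wrote to memory of 992 2492 msedge.exe 86 "
    "PID 2492 wrote to memory of 2964 2492 msedge.exe 87 "
    "PID 2492 wrote to memory of 3260 2492 msedge.exe 88"
)

SWITCH_RE = re.compile(r'--([A-Za-z0-9-]+)(?:=([^\s"]*))?')
EXE_RE = re.compile(r'^"?(.+?\.exe)"?(?:\s|$)')
WRITE_RE = re.compile(r'PID (\d+) wrote to memory of (\d+) \d+ (\S+) \d+')

# Switches worth calling out when reading a Chromium child command line
FLAG_NOTES = {
    'disable-gpu-sandbox': 'GPU process runs without its sandbox',
    'no-v8-untrusted-code-mitigations': 'expected: Chromium drops V8 Spectre '
                                        'mitigations in renderers when site isolation is on',
}


def parse_cmdline(cmdline):
    """Return (exe basename, {switch: value or True}) for one command line."""
    exe = EXE_RE.match(cmdline).group(1).rsplit('\\', 1)[-1]
    switches = {}
    for m in SWITCH_RE.finditer(cmdline):
        switches[m.group(1)] = True if m.group(2) is None else m.group(2)
    return exe, switches


def sandbox_posture(sw):
    """Classify the sandbox a child runs in, using only its own switches."""
    ptype = sw.get('type')
    if ptype is None:
        return 'browser'            # the broker process; unsandboxed by design
    if ptype == 'renderer':
        return 'renderer'
    if ptype == 'utility':
        # --service-sandbox-type=none is the interesting value: no sandbox at all
        return sw.get('service-sandbox-type', 'unknown')
    if ptype == 'gpu-process':
        return 'none' if 'disable-gpu-sandbox' in sw else 'gpu'
    if ptype == 'crashpad-handler':
        return 'none'               # crash handler lives outside the sandbox
    return 'unknown'


def triage(processes):
    """Summarise each process: exe, type, service, sandbox posture, notes."""
    rows = []
    for pid, cmdline in processes:
        exe, sw = parse_cmdline(cmdline)
        rows.append({
            'pid': pid, 'exe': exe,
            'type': sw.get('type', 'browser'),
            'sub_type': sw.get('utility-sub-type'),
            'sandbox': sandbox_posture(sw),
            'notes': [FLAG_NOTES[k] for k in FLAG_NOTES if k in sw],
        })
    return rows


def collapse_writes(text):
    """Collapse repeated WriteProcessMemory records into (source, target) counts."""
    return Counter((int(s), int(t)) for s, t, _ in WRITE_RE.findall(text))


def writes_confined_to_children(writes, processes):
    """True when every write goes from the browser process into one of the
    listed Chromium child processes, the normal sandbox-launch pattern."""
    browser = {pid for pid, cmd in processes if 'type' not in parse_cmdline(cmd)[1]}
    children = {pid for pid, cmd in processes if 'type' in parse_cmdline(cmd)[1]}
    return all(src in browser and dst in children for src, dst in writes)


if __name__ == '__main__':
    for r in triage(PROCESSES):
        print(f"{r['pid']:>5} {r['exe']:<20} {r['type']:<16} "
              f"{(r['sub_type'] or '-'):<42} sandbox={r['sandbox']}")
        for note in r['notes']:
            print(' ' * 6 + note)
    for (src, dst), n in sorted(collapse_writes(WRITE_RECORDS).items()):
        print(f'{src} -> {dst}: {n} write record(s)')
    print('writes confined to children:',
          writes_confined_to_children(collapse_writes(WRITE_RECORDS), PROCESSES))
```

Run against this report's tree, the helper flags four unsandboxed children (crashpad handler, network service, identity helper, second GPU process) and confirms that every write target is a child the browser launched. To apply it to another report, replace the two constructed inputs with that report's command lines and write records; a `False` from `writes_confined_to_children` is the case worth a closer look.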
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: 4b4f91fa1b362ba5341ecb2836438dea
SHA1: 9561f5aabed742404d455da735259a2c6781fa07
SHA256: d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c
SHA512: fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Filesize: 152B
MD5: eaa3db555ab5bc0cb364826204aad3f0
SHA1: a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca
SHA256: ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b
SHA512: e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Filesize: 178B
MD5: efb3e41ddcb00d4e436d59962fe73c4d
SHA1: 4b9f2cbd664cf2136cd6966774f9ee04b4efa46a
SHA256: edc776d59064e412098066a07cba55cbabb1e7d18534e1292d34003961ad3bb6
SHA512: 85a53139125a0e589b222ebee00d1c593eb24c8059b9f3f86196f8ef346cf7fc988493bb6f5cebf7aec2d0debc5017eff291b04e8aa37180d1ec5a6e2bb362ba

Filesize: 5KB
MD5: 37aac82195d2dc2ba36ae49609d70a47
SHA1: 1de38148648980ceb76e4e72dc27441f96473610
SHA256: d32ed6457e2e404b30588ffd1925ced66fb1c405e71989b7379851ad5590b882
SHA512: a6b61dac056e944f4bf213b0c1e4300998063b37b18c1ce34a7943061b8d4990ff46f74bf6dbf797949c843c772ef7f44c2a4ef25085645ad5ce12abb64a5018

Filesize: 6KB
MD5: 7cf89c3c0d8c83318c6cfa3ac57cf501
SHA1: b28870dab7c1e5aee12e20bde7de8011f6ab85ad
SHA256: 4be3604e4372713def9ccefe5f06ed8c5f87ec6bcaaa749f3d7b5416c9ebaceb
SHA512: 100349c6b4a42ada384eb8d8e94c881afec8f7b658b22b0c9e492e7c73485fb1ffb29c7ccef70c2b69d22bf1c827a5b6fde156a9368d3680fa55ac248d1d1f4d

Filesize: 6KB
MD5: be3dedfa1410a1affa767b4d75d92eee
SHA1: ec97744997b95931b7db1cfb90ffb348e74ef0f2
SHA256: 3fdcff8d5e68aaaadbf6d69e636ade33ae20436e906a3e52761c0720787a73d4
SHA512: 2e48fc837c75575a6033f5ea5daff98e516538cac2d7868366cd2e151c6d144a03eb3ec2b2b461900b77f94a1cf3003eca941170ff448b9d1f26d553c37e6ca5

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 11KB
MD5: 766d1af05cf17e9c8399cc25e88b1633
SHA1: 4e77f273ef7aa5ac2ca88aed76604e7b53e973cc
SHA256: aeb12b538baf65bf4bedb53605e8f0d6e854e6a24709f663ef9073020e04d144
SHA512: 34e3dc7c970eb7bd0eaba06911171b405275ae9416324976d12f7264cf2c51fcbdb2c4c49dc2b0121e3b2b6ae5491106772ec5dc339b8cbb125b8693f84e76ec