Analysis
max time kernel: 149s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 16/05/2024, 11:02
Static task: static1
Behavioral task: behavioral1
  Sample: 4abf7d3b045800e180d7c5b57a982f20_JaffaCakes118.html
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 4abf7d3b045800e180d7c5b57a982f20_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 4abf7d3b045800e180d7c5b57a982f20_JaffaCakes118.html
Size: 206KB
MD5: 4abf7d3b045800e180d7c5b57a982f20
SHA1: ff1018d1d6db281fcd1dd88e5db288d82ac15bd5
SHA256: 12a27501fb582183fdce4b542cb590ac3c18150800489a120e6d30dac93ad98a
SHA512: dfc9f98934a25b87eb2b2be4cd20461ddce1976a0a448e307d7b604031b801c3195f844c956df16dcc798353a6f389a8b093870d0ee087b86b27de77273ee707
SSDEEP: 6144:1530DH6NEQwjcHXxQRVufJc/09F4kXk5V:1uDHQmjcxQRVufJc//V
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
  description       | ioc                                                                      | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName     | msedge.exe
  Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                       | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer    | msedge.exe
Suspicious behavior: EnumeratesProcesses 8 IoCs
  pid  | Process
  2284 | msedge.exe
  2284 | msedge.exe
  1624 | msedge.exe
  1624 | msedge.exe
  3708 | msedge.exe
  3708 | msedge.exe
  3708 | msedge.exe
  3708 | msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  pid  | Process
  1624 | msedge.exe
  1624 | msedge.exe
  1624 | msedge.exe
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1624 wrote to memory of 2728 1624 msedge.exe 83 PID 1624 wrote to memory of 2728 1624 msedge.exe 83 PID 1624 wrote to memory of 4200 1624 msedge.exe 84 PID 1624 wrote to memory of 4200 1624 msedge.exe 84 PID 1624 wrote to memory of 4200 1624 msedge.exe 84 PID 1624 wrote to memory of 4200 1624 msedge.exe 84 PID 1624 wrote to memory of 4200 1624 msedge.exe 84 PID 1624 wrote to memory of 4200 1624 msedge.exe 84 PID 1624 wrote to memory of 4200 1624 msedge.exe 84 PID 1624 wrote to memory of 4200 1624 msedge.exe 84 PID 1624 wrote to memory of 4200 1624 msedge.exe 84 PID 1624 wrote to memory of 4200 1624 msedge.exe 84 PID 1624 wrote to memory of 4200 1624 msedge.exe 84 PID 1624 wrote to memory of 4200 1624 msedge.exe 84 PID 1624 wrote to memory of 4200 1624 msedge.exe 84 PID 1624 wrote to memory of 4200 1624 msedge.exe 84 PID 1624 wrote to memory of 4200 1624 msedge.exe 84 PID 1624 wrote to memory of 4200 1624 msedge.exe 84 PID 1624 wrote to memory of 4200 1624 msedge.exe 84 PID 1624 wrote to memory of 4200 1624 msedge.exe 84 PID 1624 wrote to memory of 4200 1624 msedge.exe 84 PID 1624 wrote to memory of 4200 1624 msedge.exe 84 PID 1624 wrote to memory of 4200 1624 msedge.exe 84 PID 1624 wrote to memory of 4200 1624 msedge.exe 84 PID 1624 wrote to memory of 4200 1624 msedge.exe 84 PID 1624 wrote to memory of 4200 1624 msedge.exe 84 PID 1624 wrote to memory of 4200 1624 msedge.exe 84 PID 1624 wrote to memory of 4200 1624 msedge.exe 84 PID 1624 wrote to memory of 4200 1624 msedge.exe 84 PID 1624 wrote to memory of 4200 1624 msedge.exe 84 PID 1624 wrote to memory of 4200 1624 msedge.exe 84 PID 1624 wrote to memory of 4200 1624 msedge.exe 84 PID 1624 wrote to memory of 4200 1624 msedge.exe 84 PID 1624 wrote to memory of 4200 1624 msedge.exe 84 PID 1624 wrote to memory of 4200 1624 msedge.exe 84 PID 1624 wrote to memory of 4200 1624 msedge.exe 84 PID 1624 wrote to memory of 4200 1624 msedge.exe 84 PID 1624 wrote to memory of 4200 1624 
msedge.exe 84 PID 1624 wrote to memory of 4200 1624 msedge.exe 84 PID 1624 wrote to memory of 4200 1624 msedge.exe 84 PID 1624 wrote to memory of 4200 1624 msedge.exe 84 PID 1624 wrote to memory of 4200 1624 msedge.exe 84 PID 1624 wrote to memory of 2284 1624 msedge.exe 85 PID 1624 wrote to memory of 2284 1624 msedge.exe 85 PID 1624 wrote to memory of 2028 1624 msedge.exe 86 PID 1624 wrote to memory of 2028 1624 msedge.exe 86 PID 1624 wrote to memory of 2028 1624 msedge.exe 86 PID 1624 wrote to memory of 2028 1624 msedge.exe 86 PID 1624 wrote to memory of 2028 1624 msedge.exe 86 PID 1624 wrote to memory of 2028 1624 msedge.exe 86 PID 1624 wrote to memory of 2028 1624 msedge.exe 86 PID 1624 wrote to memory of 2028 1624 msedge.exe 86 PID 1624 wrote to memory of 2028 1624 msedge.exe 86 PID 1624 wrote to memory of 2028 1624 msedge.exe 86 PID 1624 wrote to memory of 2028 1624 msedge.exe 86 PID 1624 wrote to memory of 2028 1624 msedge.exe 86 PID 1624 wrote to memory of 2028 1624 msedge.exe 86 PID 1624 wrote to memory of 2028 1624 msedge.exe 86 PID 1624 wrote to memory of 2028 1624 msedge.exe 86 PID 1624 wrote to memory of 2028 1624 msedge.exe 86 PID 1624 wrote to memory of 2028 1624 msedge.exe 86 PID 1624 wrote to memory of 2028 1624 msedge.exe 86 PID 1624 wrote to memory of 2028 1624 msedge.exe 86 PID 1624 wrote to memory of 2028 1624 msedge.exe 86
Processes
msedge.exe (PID:1624)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4abf7d3b045800e180d7c5b57a982f20_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  msedge.exe (PID:2728)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa84ef46f8,0x7ffa84ef4708,0x7ffa84ef4718
  msedge.exe (PID:4200)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,9172650728811528937,17721847935380080648,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
  msedge.exe (PID:2284)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,9172650728811528937,17721847935380080648,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  msedge.exe (PID:2028)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,9172650728811528937,17721847935380080648,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
  msedge.exe (PID:4260)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9172650728811528937,17721847935380080648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  msedge.exe (PID:3904)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9172650728811528937,17721847935380080648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  msedge.exe (PID:4588)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9172650728811528937,17721847935380080648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  msedge.exe (PID:3708)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,9172650728811528937,17721847935380080648,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4852 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
CompPkgSrv.exe (PID:3064)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
CompPkgSrv.exe (PID:3888)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads