Analysis

max time kernel: 149s
max time network: 137s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 16/05/2024, 14:13
Static task: static1

Behavioral task: behavioral1
  Sample: 4b7d3e4f2ef3810a45ed4a7cb72db092_JaffaCakes118.html
  Resource: win7-20240221-en

Behavioral task: behavioral2
  Sample: 4b7d3e4f2ef3810a45ed4a7cb72db092_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General

Target: 4b7d3e4f2ef3810a45ed4a7cb72db092_JaffaCakes118.html
Size: 118KB
MD5: 4b7d3e4f2ef3810a45ed4a7cb72db092
SHA1: b3fa4985e960e56bbd89cdb90d7beabdba21ec71
SHA256: c6fc362c70049cefd5fa29a9aa57cbdfe4f7be5156ebc29e3d10e7f7e0862bde
SHA512: 789f9caac9bb49e0ecbaff22d51069755f38ee3e19a4c1006d5541773bec11b9837a83d177ea8cc81dde9acfa4b19fb1d51eabafbcd1070a4a4fdf1571c30d39
SSDEEP: 3072:NFO8FOuyitL9pJK9SaYSqMcaSHu8ehsiJ2YYQ5p1PswvKgC:EeKIRYYQ56
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                        Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer      msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName       msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                         msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process               rows
  1820  msedge.exe            2
  804   msedge.exe            2
  2216  identity_helper.exe   2
  4496  msedge.exe            4
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid  Process     rows
  804  msedge.exe  6
Suspicious use of FindShellTrayWindow (25 IoCs)
  pid  Process     rows
  804  msedge.exe  25
Suspicious use of SendNotifyMessage (24 IoCs)
  pid  Process     rows
  804  msedge.exe  24
Suspicious use of WriteProcessMemory (64 IoCs)
  Every row has the same writer, PID 804 (msedge.exe). The 64 rows reduce to four distinct targets:
  description                        pid  Process     procid_target
  PID 804 wrote to memory of 116     804  msedge.exe  83
  PID 804 wrote to memory of 3656    804  msedge.exe  84
  PID 804 wrote to memory of 1820    804  msedge.exe  85
  PID 804 wrote to memory of 5016    804  msedge.exe  86
  Targets 116 and 1820 appear twice each; targets 3656 and 5016 account for the remaining 60 rows.
Processes

PID 804  msedge.exe  (depth 1)
  Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4b7d3e4f2ef3810a45ed4a7cb72db092_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  PID 116  msedge.exe  (depth 2, crashpad-handler)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe902246f8,0x7ffe90224708,0x7ffe90224718

  PID 3656  msedge.exe  (depth 2, gpu-process)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,16311884674201205820,13995219578097364921,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2

  PID 1820  msedge.exe  (depth 2, utility: network.mojom.NetworkService)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,16311884674201205820,13995219578097364921,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses

  PID 5016  msedge.exe  (depth 2, utility: storage.mojom.StorageService)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,16311884674201205820,13995219578097364921,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8

  PID 2912  msedge.exe  (depth 2, renderer)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16311884674201205820,13995219578097364921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

  PID 2848  msedge.exe  (depth 2, renderer)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16311884674201205820,13995219578097364921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1

  PID 2400  identity_helper.exe  (depth 2, utility: winrt_app_id.mojom.WinrtAppIdService)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,16311884674201205820,13995219578097364921,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5908 /prefetch:8

  PID 2216  identity_helper.exe  (depth 2, utility: winrt_app_id.mojom.WinrtAppIdService)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,16311884674201205820,13995219578097364921,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5908 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses

  PID 5084  msedge.exe  (depth 2, renderer)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16311884674201205820,13995219578097364921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1

  PID 4760  msedge.exe  (depth 2, renderer, instant process)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16311884674201205820,13995219578097364921,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1

  PID 1036  msedge.exe  (depth 2, renderer)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16311884674201205820,13995219578097364921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4508 /prefetch:1

  PID 232  msedge.exe  (depth 2, renderer, instant process)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16311884674201205820,13995219578097364921,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1

  PID 4496  msedge.exe  (depth 2, gpu-process, GPU sandbox disabled)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,16311884674201205820,13995219578097364921,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1840 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses

PID 2624  CompPkgSrv.exe  (depth 1)
  Path: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 4884  CompPkgSrv.exe  (depth 1)
  Path: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
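The Signatures and Processes sections above flag the browser process, PID 804, for writing into other processes' memory and for reading the BIOS manufacturer and product-name keys. The Python script below is an added triage example and is not part of the tria.ge report. It parses IoC rows in the report's own row format, rebuilds parent/child relationships from the process tree (depth-2 entries are treated as children of PID 804, which the tree layout implies but the report does not print as a parent column), and checks whether every WriteProcessMemory target is a child of the writer. A Chromium browser process writing into children it has just launched is how the sandbox broker copies sandbox policy into a new target before that target starts executing; a write into a PID outside the writer's own tree would be the injection signal worth escalating. The script also lists children started with `--service-sandbox-type=none` or `--disable-gpu-sandbox`, both visible in the command lines above. The row strings are copied from the report (backslashes doubled for Python), the process table is constructed from it, and the PID 2624 write used in the usage check is a constructed counter-example the report did not observe.

```python
"""Triage a flattened sandbox report of a browser-opened HTML sample.

Added example, not part of the tria.ge report. Sample rows are copied from
the report's Signatures section; the process table is constructed from its
Processes section. The Chromium-sandbox interpretation is the editor's.
"""
import re
from collections import defaultdict

# Constructed from the report's process tree: (parent_pid, pid, image, switches).
# Depth-2 entries are taken as children of PID 804; CompPkgSrv.exe has no
# parent in the report, so its parent is None.
PROCESSES = [
    (None, 804, "msedge.exe", "--single-argument <sample>.html"),
    (804, 116, "msedge.exe", "--type=crashpad-handler"),
    (804, 3656, "msedge.exe", "--type=gpu-process"),
    (804, 1820, "msedge.exe", "--type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none"),
    (804, 5016, "msedge.exe", "--type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility"),
    (804, 2912, "msedge.exe", "--type=renderer --no-v8-untrusted-code-mitigations"),
    (804, 2216, "identity_helper.exe", "--type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none"),
    (804, 4496, "msedge.exe", "--type=gpu-process --disable-gpu-sandbox --use-gl=disabled"),
    (None, 2624, "CompPkgSrv.exe", "-Embedding"),
]

# IoC rows as the report prints them. The report repeats rows, so the parser
# deduplicates on (writer, target).
WPM_ROWS = """
PID 804 wrote to memory of 116 804 msedge.exe 83
PID 804 wrote to memory of 116 804 msedge.exe 83
PID 804 wrote to memory of 3656 804 msedge.exe 84
PID 804 wrote to memory of 1820 804 msedge.exe 85
PID 804 wrote to memory of 5016 804 msedge.exe 86
""".strip().splitlines()

REG_ROWS = """
Key value queried \\REGISTRY\\MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemManufacturer msedge.exe
Key value queried \\REGISTRY\\MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemProductName msedge.exe
Key opened \\REGISTRY\\MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS msedge.exe
""".strip().splitlines()

WPM_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) \d+ (\S+) \d+$")
REG_RE = re.compile(r"^Key (?:value queried|opened) (\S+) (\S+)$")


def parse_wpm(rows):
    """Map (writer_pid, target_pid) -> writer image, one entry per distinct pair."""
    edges = {}
    for row in rows:
        m = WPM_RE.match(row.strip())
        if m:
            edges[(int(m.group(1)), int(m.group(2)))] = m.group(3)
    return edges


def parse_registry(rows):
    """Map registry key path -> process that touched it."""
    out = {}
    for row in rows:
        m = REG_RE.match(row.strip())
        if m:
            out[m.group(1)] = m.group(2)
    return out


def triage(processes, wpm_rows, reg_rows):
    children = defaultdict(set)
    for parent, pid, _, _ in processes:
        if parent is not None:
            children[parent].add(pid)

    edges = parse_wpm(wpm_rows)
    # Writes into the writer's own children match the Chromium sandbox broker
    # handing policy to a freshly launched target. Anything else is the
    # cross-process write a reviewer should actually chase.
    outside_tree = {t for (w, t) in edges if t not in children[w]}

    # Children whose command line weakens or disables their sandbox.
    unsandboxed = sorted(
        pid for _, pid, _, cmd in processes
        if "--service-sandbox-type=none" in cmd or "--disable-gpu-sandbox" in cmd
    )

    regs = parse_registry(reg_rows)
    bios_readers = {proc for key, proc in regs.items() if "\\BIOS" in key}

    return {
        "wpm_targets": sorted({t for (_, t) in edges}),
        "wpm_outside_tree": sorted(outside_tree),
        "unsandboxed_children": unsandboxed,
        "bios_readers": sorted(bios_readers),
    }


if __name__ == "__main__":
    for key, value in triage(PROCESSES, WPM_ROWS, REG_ROWS).items():
        print(f"{key}: {value}")
```

On the report's own rows `wpm_outside_tree` is empty and `unsandboxed_children` is `[1820, 2216, 4496]`, which matches the network service, the identity helper and the second GPU process above; adding a constructed row such as `PID 804 wrote to memory of 2624 804 msedge.exe 90` makes 2624 (CompPkgSrv.exe, not a child of 804) show up as the one target to investigate.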
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: ce4c898f8fc7601e2fbc252fdadb5115
SHA1: 01bf06badc5da353e539c7c07527d30dccc55a91
SHA256: bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
SHA512: 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Filesize: 152B
MD5: 4158365912175436289496136e7912c2
SHA1: 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
SHA256: 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
SHA512: 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Filesize: 184B
MD5: 09aa8491d662286b020e333f8e1c800b
SHA1: 4166a4f9deb740be2016951c1c37c3f6cc956ec9
SHA256: 4735d37af33d2452a19ded4f7f56be471518a649188d63079530b8054e8b2e2b
SHA512: c87cd035eef0ff81a9b5f6bce224af66b43318f6286c32cbfbdd18975eea4f012f30385f96a7c35e9c2cf1f7c553b6c8d300bf8513ed1da06fd6b77cf2423311

Filesize: 5KB
MD5: dac1cac684000f4a36e4a4e692f1ccd3
SHA1: 7bfcb84db30cdbb4bf0b19c900e37c62920da2cb
SHA256: 7f93671ef1c32ae015bd5387fc5210ad679b4d92ddb14cc0e9723df90173fbdd
SHA512: 8cd548812129d2fb0e1d9905d9dc39de9ab74acd110912511cef5c214306bf40b5f88422601290554e1b62bd70bcf9393a5b62cffa09d126ee4a4d3ada318c28

Filesize: 6KB
MD5: 43caf52f38d2618ba3f2be84d52a0ba2
SHA1: 87002e85c5794e364d6c73be27ec0a06910ade7b
SHA256: 82ac06504e8bec7db7a6d7f6d19e6a6983ee448779ac5ae99e13a2267d69c037
SHA512: f5f7021a6129ca1e07ee8b517d9dadc7b3a1ddff918b7c49febcd490faf6c40c28fd4bb3f7865fc1db46e12d696e7eff90bd6381827a19a68ccec8d57c76c128

Filesize: 6KB
MD5: 2f1ed6ae3bc7231a801d57ec26017dcb
SHA1: faeae4346e168c7f6af98950f4826f175d9d8355
SHA256: 599a3e9f8ea0b1ac52a8dc15da009afa8c97cfe66d56ff1828a856d97cf7184b
SHA512: 0d47e7aadcd64147bfbeb0eb97a9f808e824b78d4cc2bef817b7ac1bc3ceff1ab877b2cba4f6f36b89006c6a9674d209a5e673d7f50d43d92a240a2753b537a8

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 11KB
MD5: 838e191b1c8f89716de307ef747302bc
SHA1: 928065e89680eab43b5ca390f6e84bfdfc0698e8
SHA256: 3560ce99a6ec98fa2849f9c59082dec94c0c184625d602cb9668d668e143682e
SHA512: a7b4ad8a31c09cf36abbef027af1f48e03ef8ea80e6bd396e5764a9fa376897f791e5a5f91a9f106bc162c211f39c292b16003d92b5c4cc3653773e244a9c49e