Analysis
- max time kernel: 150s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 16/05/2024, 15:48

Tasks
- Static task static1
- Behavioral task behavioral1: sample 4bd9653834821626c364fa614c691872_JaffaCakes118.html, resource win7-20240215-en
- Behavioral task behavioral2: sample 4bd9653834821626c364fa614c691872_JaffaCakes118.html, resource win10v2004-20240426-en
General
- Target: 4bd9653834821626c364fa614c691872_JaffaCakes118.html
- Size: 151KB
- MD5: 4bd9653834821626c364fa614c691872
- SHA1: ddf145ad17acffd4d07976ac29e0d97c68a352f5
- SHA256: 48d8907ee278165b3633c6ff62f9e7ecafcdfcfedd0a1415e188f85971dd66e7
- SHA512: 003967c0a9255a9bffc411f90c9e7a28e167f840d19c60aa94df9ff53b36b1b7cdbf09cbe5245dae6dc8a6cf71c964809d4ff5a9eb932e484f808125f34774e4
- SSDEEP: 3072:wlPipoSL+QKiazizu874qh37gBr+qg6XvdeyQsMna0hB+Y/tbUxL:fHzvh3Z6P
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  2044 | msedge.exe (2 entries)
  3764 | msedge.exe (2 entries)
  2960 | identity_helper.exe (2 entries)
  1676 | msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
  pid 3764 | msedge.exe (all 9 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid 3764 | msedge.exe (all 25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid 3764 | msedge.exe (all 24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs; duplicate rows collapsed)
  description | pid | Process | procid_target
  PID 3764 wrote to memory of 1664 | 3764 | msedge.exe | 83 (2 entries)
  PID 3764 wrote to memory of 3672 | 3764 | msedge.exe | 84 (repeated entries)
  PID 3764 wrote to memory of 2044 | 3764 | msedge.exe | 85 (2 entries)
  PID 3764 wrote to memory of 2940 | 3764 | msedge.exe | 86 (repeated entries)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3764, level 1)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4bd9653834821626c364fa614c691872_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1664, level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8958546f8,0x7ff895854708,0x7ff895854718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3672, level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,5856264938538757960,15138402811707377165,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2044, level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,5856264938538757960,15138402811707377165,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2940, level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,5856264938538757960,15138402811707377165,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4544, level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5856264938538757960,15138402811707377165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3976, level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5856264938538757960,15138402811707377165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4508, level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5856264938538757960,15138402811707377165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2428, level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5856264938538757960,15138402811707377165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3812, level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5856264938538757960,15138402811707377165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1044, level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,5856264938538757960,15138402811707377165,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2960, level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,5856264938538757960,15138402811707377165,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2292, level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5856264938538757960,15138402811707377165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4900, level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5856264938538757960,15138402811707377165,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1944, level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5856264938538757960,15138402811707377165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4740, level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5856264938538757960,15138402811707377165,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1676, level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,5856264938538757960,15138402811707377165,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4880 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 968, level 1)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 2988, level 1)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15