Analysis
max time kernel: 145s
max time network: 143s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 17/05/2024, 07:41
Static task: static1
Behavioral task: behavioral1
  Sample: 4f07a63a15153999cd3f56eb344fad44_JaffaCakes118.html
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 4f07a63a15153999cd3f56eb344fad44_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 4f07a63a15153999cd3f56eb344fad44_JaffaCakes118.html
Size: 36KB
MD5: 4f07a63a15153999cd3f56eb344fad44
SHA1: cdd9a031ec3b6f072e29d735c5c44df19512ec67
SHA256: 284b8f8c00cf71e5e75c64e0ab0167bfd0cc89d728d571daa78bdba03656b7a3
SHA512: 8943ae070386dbc78c3d7e25ebc8e862cff932b9411a2a3b84ae0f1407ffd1c5d33c7377a769b698e55f6282172d8b563a077f5ebef22a779bce213a1009e29e
SSDEEP: 768:zwx/MDTHrj88hARWZPXFE1XnXrFLxNLlDNoPqkPTHlnkM3Gr6ThZOg6f9U56lLRT:Q/7bJxNVNufSM/P8CK
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description       | ioc                                                                  | Process
  Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                   | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid  | Process
  3832 | msedge.exe
  3832 | msedge.exe
  4556 | msedge.exe
  4556 | msedge.exe
  3076 | identity_helper.exe
  3076 | identity_helper.exe
  396  | msedge.exe
  396  | msedge.exe
  396  | msedge.exe
  396  | msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid  | Process
  4556 | msedge.exe
  4556 | msedge.exe
  4556 | msedge.exe
  4556 | msedge.exe
  4556 | msedge.exe
  4556 | msedge.exe
- Suspicious use of FindShellTrayWindow (25 IoCs, all pid 4556 msedge.exe)
- Suspicious use of SendNotifyMessage (24 IoCs, all pid 4556 msedge.exe)
- Suspicious use of WriteProcessMemory (64 IoCs)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4556)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4f07a63a15153999cd3f56eb344fad44_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1460)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffc66746f8,0x7fffc6674708,0x7fffc6674718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2580)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,10646113848765921342,8373067815349835042,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3832)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,10646113848765921342,8373067815349835042,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3528)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,10646113848765921342,8373067815349835042,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2720)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10646113848765921342,8373067815349835042,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2740)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10646113848765921342,8373067815349835042,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 448)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,10646113848765921342,8373067815349835042,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3076)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,10646113848765921342,8373067815349835042,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4304)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10646113848765921342,8373067815349835042,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1156)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10646113848765921342,8373067815349835042,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4312)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10646113848765921342,8373067815349835042,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2856)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10646113848765921342,8373067815349835042,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 396)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,10646113848765921342,8373067815349835042,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4548 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 3732)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 1736)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads