Analysis
max time kernel: 145s
max time network: 139s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system
submitted: 20/05/2024, 02:33
Static task
static1
Behavioral task
behavioral1
Sample
5cbea18077ebfa1cb66e2a58b71ddb3c_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
5cbea18077ebfa1cb66e2a58b71ddb3c_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
5cbea18077ebfa1cb66e2a58b71ddb3c_JaffaCakes118.html
-
Size
263KB
-
MD5
5cbea18077ebfa1cb66e2a58b71ddb3c
-
SHA1
c59d861aed5b68b40df23dd26ccb6d15b013963f
-
SHA256
a210f9e708d4c99541b52f73d0fc902bb007c274784dd9f0f6ba3069f7cc880d
-
SHA512
2e3e6b4ed9bda257ec28a1f3e8287179dbd71d42e1c52f248385a86bd7458aee0cea782cc48abd6ba3f2df185c07214e06730836470278b64f2023ca5a00f3e3
-
SSDEEP
6144:Sd427eCsDTjBseNHxgB0bBwA3uvdgTt1J2RvBo:h27eJT9seHVbB7eJBo
Malware Config
Signatures
-
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                   Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid   Process
1528  msedge.exe
1528  msedge.exe
2428  msedge.exe
2428  msedge.exe
4560  identity_helper.exe
4560  identity_helper.exe
4876  msedge.exe
4876  msedge.exe
4876  msedge.exe
4876  msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid   Process
2428  msedge.exe
2428  msedge.exe
2428  msedge.exe
2428  msedge.exe
2428  msedge.exe
2428  msedge.exe
Suspicious use of FindShellTrayWindow (25 IoCs)
pid   Process
2428  msedge.exe  (25 identical entries)
Suspicious use of SendNotifyMessage (24 IoCs)
pid   Process
2428  msedge.exe  (24 identical entries)
Suspicious use of WriteProcessMemory (64 IoCs)
description                       pid   Process     procid_target
PID 2428 wrote to memory of 4852  2428  msedge.exe  83
PID 2428 wrote to memory of 1440  2428  msedge.exe  84
PID 2428 wrote to memory of 1528  2428  msedge.exe  85
PID 2428 wrote to memory of 1708  2428  msedge.exe  86
The report repeats these rows (the 4852 and 1528 rows twice each, the 1440 and 1708 rows many times) for 64 entries in total; the distinct parent/target pairs are listed once above.
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2428)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\5cbea18077ebfa1cb66e2a58b71ddb3c_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4852)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ff99ca746f8,0x7ff99ca74708,0x7ff99ca74718

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1440)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,12582906017998552039,7248947142426282797,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1528)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,12582906017998552039,7248947142426282797,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1708)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,12582906017998552039,7248947142426282797,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2036)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12582906017998552039,7248947142426282797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1488)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12582906017998552039,7248947142426282797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (PID 3068)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,12582906017998552039,7248947142426282797,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (PID 4560)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,12582906017998552039,7248947142426282797,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4404)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12582906017998552039,7248947142426282797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2996)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12582906017998552039,7248947142426282797,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4500)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12582906017998552039,7248947142426282797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4664)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12582906017998552039,7248947142426282797,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4876)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,12582906017998552039,7248947142426282797,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe  (PID 540)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe  (PID 2372)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize 152B
  MD5    1ac52e2503cc26baee4322f02f5b8d9c
  SHA1   38e0cee911f5f2a24888a64780ffdf6fa72207c8
  SHA256 f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4
  SHA512 7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

- Filesize 152B
  MD5    b2a1398f937474c51a48b347387ee36a
  SHA1   922a8567f09e68a04233e84e5919043034635949
  SHA256 2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6
  SHA512 4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

- Filesize 618B
  MD5    b5bf579e6344432af2d904615f65e8f6
  SHA1   07b0263eee3aad7cf42f83d9ce2e15ccffdcd502
  SHA256 124db642b961386bb4aad78ec759cb85ec14f6f0bb9819b6f15556e308d32067
  SHA512 f5a0219e8faff8c7ac18af534970c0bd52920c46a27b74139ffafa139b46ac9a9a901d0407d86dc8432ba2bab84124ae7a7707af1675497fc93e8349aa4349ca

- Filesize 5KB
  MD5    2adc18ee3051f310b2af917cfbbd6d38
  SHA1   95db8f25e7b886013a5a2730c75f1fa2c58e4579
  SHA256 f6441f05cdc3a227152f10d6a4b1195a73aaa4a3051cb30fc6e359e06998bf38
  SHA512 7ce5b9c7b580a6bc98066908446a9942ca5c1f929c5fc9d03f37af0771a66ea8d48eff2b1137531524b23b6b10edb7e56e6903b3105b2ea477727233395b2de6

- Filesize 6KB
  MD5    4874cb2aaf6b653ccf07a733b00bfe33
  SHA1   b50f5f9efcc51873ad17126f71525c9fe009ae16
  SHA256 52662c80cb60de98ec0f2415696c747e4b1d16d08f844a4cf3cbead3a11d3d6e
  SHA512 db55a638c074b1c1e842c0c5396878f6d74399af78f744285e0b55208b36aa49fe5526559cadf7e26e2df68c2fec91f6b4aa6d45688b0dcbca27794c16a7416d

- Filesize 16B
  MD5    6752a1d65b201c13b62ea44016eb221f
  SHA1   58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

- Filesize 11KB
  MD5    34638c0e32ef84ea5294ee4bbc90cd84
  SHA1   2064e724cd17238fd08278a0860ca3dcd54c809f
  SHA256 f80b9051af4ee38471feb43bd6a32b5e0474ada57684b671fdafadc5efae6dfb
  SHA512 8c1e283c1500ad040d907f2a8ea369db55d0db00c55ae0e44ccee7c7e8c5497e3d9bf825f158c6c1b82674f4d2915a4e0bd92472c928592570b606bf42d812a6