Analysis
max time kernel: 145s
max time network: 145s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 20/05/2024, 06:05
Static task: static1
Behavioral task: behavioral1
  Sample: 5d8bc0dba63b82615356238a17106369_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 5d8bc0dba63b82615356238a17106369_JaffaCakes118.html
  Resource: win10v2004-20240426-en
(The results on this page are from the behavioral2 run on win10v2004-20240426-en; the Windows 7 run is a separate report.)
General
Target: 5d8bc0dba63b82615356238a17106369_JaffaCakes118.html
Size: 21KB
MD5: 5d8bc0dba63b82615356238a17106369
SHA1: 9f42e12999a789edcdb7eb67a650dd67f5e8abeb
SHA256: 1cc39bb2223e24198daf92228abfbdf8f59ffe7e3e058aa5c869cd43f1d3b923
SHA512: abff5056b70497c18073a0d7023028b956fbb3c32f6b61a7aaa6806da30e5833153d98c3d3bca68107ff070b60ffd6ad3ca962aa4fc868c1f1623306f119e121
SSDEEP: 192:Hqvl596UDAvWZEYsEEV9Bo2UQB7m09Vea9aSdNVMjP0kuS:Kd59CueEEVk2RSawRP0kuS
Malware Config
Signatures
Every signature below fired on the browser's own processes (msedge.exe and identity_helper.exe). The only processes outside the Edge tree are two CompPkgSrv.exe COM activations (see Processes), so nothing here is a behaviour of the HTML document itself beyond what Edge does when opening any local page.
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                        process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                         msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer      msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName       msedge.exe
Note: SystemManufacturer and SystemProductName are the values a VM-aware sample reads to fingerprint the sandbox (vendor strings such as VMware, VirtualBox, QEMU), which is why the sandbox flags the read. Here the reader is msedge.exe, which collects the hardware manufacturer and model for its own hardware reporting; treat this as browser baseline unless the same read shows up in a process the page spawned.
Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid    process               events
5136   msedge.exe            2
5312   msedge.exe            2
5456   identity_helper.exe   2
2496   msedge.exe            4
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
pid    process      events
5312   msedge.exe   7
Note: all seven events are the browser process (PID 5312) creating children with the "block non-Microsoft binaries" process-creation mitigation set. Chromium launches its sandboxed child processes this way; it is the browser hardening itself, not the page loading a non-Microsoft binary.
Suspicious use of FindShellTrayWindow (25 IoCs)
pid    process      events
5312   msedge.exe   25
Suspicious use of SendNotifyMessage (24 IoCs)
pid    process      events
5312   msedge.exe   24
Note: both signatures are window/taskbar interaction by the browser process only (locating the shell tray window and broadcasting shell notifications). They are generic UI behaviour of a GUI application and carry no weight on their own.
Suspicious use of WriteProcessMemory (64 IoCs)
All 64 events are the browser process (PID 5312, msedge.exe) writing into processes it had just created; collapsed by target:
writer pid   process      target pid   procid_target   events
5312         msedge.exe   3532         82              2
5312         msedge.exe   1420         83              40
5312         msedge.exe   5136         84              2
5312         msedge.exe   4528         85              20
The targets are the crashpad handler (3532), the first GPU process (1420), the network service (5136) and the storage service (4528), all direct children of 5312 in the process tree below. Chromium's sandbox broker writes its policy and startup data into a child before resuming it, so parent-to-new-child writes like these are expected; a write into a process that is not the writer's own child (an already-running explorer.exe, for instance) would be the pattern worth escalating.
Processes
Depth markers from the original tree ("1" = top level, "2" = child of the browser process) are rendered as indentation. Each entry gives the image, the PID, the full command line and the signatures attributed to that process.

msedge.exe  PID 5312  (browser process; opened the submitted file)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\5d8bc0dba63b82615356238a17106369_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  msedge.exe  PID 3532  (crashpad-handler)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff427246f8,0x7fff42724708,0x7fff42724718

  msedge.exe  PID 1420  (gpu-process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,11643945202996161279,9211010841460888671,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2

  msedge.exe  PID 5136  (utility: network.mojom.NetworkService)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,11643945202996161279,9211010841460888671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses

  msedge.exe  PID 4528  (utility: storage.mojom.StorageService)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,11643945202996161279,9211010841460888671,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8

  msedge.exe  PID 4616  (renderer, client id 6)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11643945202996161279,9211010841460888671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1

  msedge.exe  PID 1988  (renderer, client id 5)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11643945202996161279,9211010841460888671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

  msedge.exe  PID 4348  (renderer, client id 7)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11643945202996161279,9211010841460888671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1

  identity_helper.exe  PID 2744  (utility: winrt_app_id.mojom.WinrtAppIdService)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,11643945202996161279,9211010841460888671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5620 /prefetch:8

  identity_helper.exe  PID 5456  (utility: winrt_app_id.mojom.WinrtAppIdService; same command line as PID 2744)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,11643945202996161279,9211010841460888671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5620 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses

  msedge.exe  PID 1828  (renderer, client id 9)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11643945202996161279,9211010841460888671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1

  msedge.exe  PID 5124  (renderer, instant process, client id 10)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11643945202996161279,9211010841460888671,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1

  msedge.exe  PID 2020  (renderer, client id 11)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11643945202996161279,9211010841460888671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3908 /prefetch:1

  msedge.exe  PID 3024  (renderer, instant process, client id 12)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11643945202996161279,9211010841460888671,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1

  msedge.exe  PID 2496  (gpu-process, second launch without the GPU sandbox)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,11643945202996161279,9211010841460888671,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2260 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses

CompPkgSrv.exe  PID 4580  (top level, COM activation)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

CompPkgSrv.exe  PID 3164  (top level, COM activation)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

Reading the tree: every process under PID 5312 is a standard Chromium child type (crashpad handler, GPU, network and storage utilities, renderers, WinRT app-id helper). The second GPU process (2496, launched with --disable-gpu-sandbox and --use-gl=disabled) is Chromium's own fallback after the first GPU process (1420), not something the page started. The two CompPkgSrv.exe instances are "-Embedding" COM server activations by the OS and are not children of the browser. No shell, script host or downloaded executable appears, which is what distinguishes a benign HTML open from a page that drops or launches a payload. The browser build in this image is Edge 92.0.902.67 (Chromium 92.0.4515.131), so the result reflects that 2021-era build and its defaults (for example --disable-client-side-phishing-detection on every renderer).
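The WriteProcessMemory signature above and the process tree together give the check that actually matters when triaging this kind of report: is the browser writing into children it just launched (expected), or into a process that is not its child (injection)? The following Python is an added example, not part of the tria.ge report or tooling. It parses rows in the report's flattened "PID X wrote to memory of Y X image Z" format, looks each target up in a child-to-parent map copied from the tree above, and splits the writes into expected and suspicious. The rows from the report are real; the final row (target 3052) and its absence from the tree are constructed to show the detection firing.

```python
import re
from collections import Counter

# Rows in the report's own flattened format:
#   "PID <writer> wrote to memory of <target> <writer> <image> <procid_target>"
# The first six rows are copied from the report above. The LAST ROW IS
# CONSTRUCTED: target 3052 stands in for an unrelated, already-running
# process (an explorer.exe, say) that the browser did not create.
WPM_ROWS = """\
PID 5312 wrote to memory of 3532 5312 msedge.exe 82
PID 5312 wrote to memory of 1420 5312 msedge.exe 83
PID 5312 wrote to memory of 1420 5312 msedge.exe 83
PID 5312 wrote to memory of 5136 5312 msedge.exe 84
PID 5312 wrote to memory of 4528 5312 msedge.exe 85
PID 5312 wrote to memory of 4528 5312 msedge.exe 85
PID 5312 wrote to memory of 3052 5312 msedge.exe 90
"""

# child pid -> parent pid, taken from the Processes tree on this page.
# 3052 is deliberately missing: nothing in the tree created it.
PROCESS_TREE = {
    3532: 5312, 1420: 5312, 5136: 5312, 4528: 5312, 4616: 5312, 1988: 5312,
    4348: 5312, 2744: 5312, 5456: 5312, 1828: 5312, 5124: 5312, 2020: 5312,
    3024: 5312, 2496: 5312,
}

# The writer pid appears twice in each row (in the description and in the
# pid column); the backreference insists the two agree.
ROW_RE = re.compile(
    r"PID (?P<writer>\d+) wrote to memory of (?P<target>\d+) "
    r"(?P=writer) (?P<image>\S+) (?P<procid_target>\d+)"
)


def parse_wpm_rows(text):
    """Parse flattened WriteProcessMemory rows into (writer, target, image)."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append((int(m["writer"]), int(m["target"]), m["image"]))
    return rows


def classify(rows, tree):
    """Split writes into expected (writer is the target's parent, i.e. a
    Chromium-style launch) and suspicious (target is not the writer's child).
    Both results are Counters keyed by (writer, target, image)."""
    expected, suspicious = Counter(), Counter()
    for writer, target, image in rows:
        if tree.get(target) == writer:
            expected[(writer, target, image)] += 1
        else:
            suspicious[(writer, target, image)] += 1
    return expected, suspicious


if __name__ == "__main__":
    rows = parse_wpm_rows(WPM_ROWS)
    expected, suspicious = classify(rows, PROCESS_TREE)
    for (w, t, img), n in sorted(expected.items()):
        print(f"expected    {img}[{w}] -> {t}  x{n}")
    for (w, t, img), n in sorted(suspicious.items()):
        print(f"SUSPICIOUS  {img}[{w}] -> {t}  x{n}")
```

The parent check is the whole heuristic: a broker writing into a child it just created is how Chromium hands the sandbox policy to that child, so those rows collapse to noise, while a single write into a process the writer did not create is worth a closer look regardless of how many rows it produced. On a real report you would feed it the full row list and a tree built from the process section rather than the hand-copied map used here.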
Network
MITRE ATT&CK Enterprise v15
Downloads
Files written during the run. Only the first entry has a path in the report; the rest are listed with size and hashes only.

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
  Filesize: 330B
  MD5: 80d2b3233c2c9db25d05cebcfb1af707
  SHA1: b7ffc56f3d0afec09065fa32ca314f4c9ee6e960
  SHA256: 0d99dc32435b84116dfab79fb4360301bb52e07fa93e21167b66241850876747
  SHA512: 481e327eb37119657e5dd297b23ecf6382710f8fb83a5e77fc03c7e4f5cf55e49b0d9585de3d240b541b69f87f2fb575bd1933eedbbe9cb77943183f5ffa2c4d
  Note: CryptnetUrlCache entries are written by Windows CryptoAPI when it fetches a certificate, CRL or OCSP object over HTTP during chain building; this is an OS artifact of certificate validation, not a download initiated by the page.

(path not shown in the report)
  Filesize: 152B
  MD5: ae54e9db2e89f2c54da8cc0bfcbd26bd
  SHA1: a88af6c673609ecbc51a1a60dfbc8577830d2b5d
  SHA256: 5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af
  SHA512: e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

(path not shown in the report)
  Filesize: 152B
  MD5: f53207a5ca2ef5c7e976cbb3cb26d870
  SHA1: 49a8cc44f53da77bb3dfb36fc7676ed54675db43
  SHA256: 19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23
  SHA512: be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

(path not shown in the report)
  Filesize: 188B
  MD5: 3ac70ec3b01b9b8b6105f0bf9ed9ad3c
  SHA1: 270315259bf2d3a7e3d60bf38dc4093cb71fb64f
  SHA256: 5a7cb3578ec3915ed31d0d988f6c7e378e39a9efec5194c114b08d13e324ceca
  SHA512: 825e4ef334d21fbe3702355d27e5ebe3fe60d530d9be9330c6cde61d4a9e0121c36c717bbcf69cedc4a1f1d8349b687ad2d82cc8f45209c0233034b063d745e5

(path not shown in the report)
  Filesize: 5KB
  MD5: a1833a55d5ed4caa5926408dac9f37c9
  SHA1: 6c96fb1d11c426472f438c7f95b062475d151976
  SHA256: 8f5033ebc1ffcf5f37ae0b63e1f405159376c0ffbdba2f385ec826a07a2fa011
  SHA512: 7bdcb9988d8bffb0db2662ff4e4786c99ffc151cdf754a7415c32178d2951fb9da832a92dd7d37b366c5057145b9e4dc33f6ac47e642a679defc904a9c583d17

(path not shown in the report)
  Filesize: 6KB
  MD5: fe3790f0756ec7def01c42a028597295
  SHA1: abbafa0c9e38153981aa8e7f214c8ca1b08062e3
  SHA256: c5ab73ce791cb60d395eca60c5425737b01ea11033eb30807ae659bce3834412
  SHA512: ea2204e99a13db1a87320a24c87dc087000a5738e7522b10d236c6dccc54e70460b8a4a541cc7240256eece5a4db951fdb8a2bdfd8981280ae2d97cc5a2155fd

(path not shown in the report)
  Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

(path not shown in the report)
  Filesize: 11KB
  MD5: 8fa70ead7cc3209a77f12d61b2b9a384
  SHA1: f210e50b7d589e6fc795b9d8790182e3a4c3dc5d
  SHA256: f44d55614ae518eaea243a91c8a1f902d0a710ead9a04c4d48e03a53ad1c6d00
  SHA512: aceff4b867b689d116400650eb08da2731a4a0ad943ebeb65c9a6547d612bb2fa254e770c7d186bcf6ec04a1ee92c5d3ce2af5ace45878c3d5c3a850a475cdf9