Analysis
Max time kernel: 145s
Max time network: 137s
Platform: windows10-2004_x64
Resource: win10v2004-20240508-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 21/05/2024, 04:39
Static task: static1
Behavioral task: behavioral1
  Sample: 620e5ac154a32ea15f85cda461d23e85_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 620e5ac154a32ea15f85cda461d23e85_JaffaCakes118.html
  Resource: win10v2004-20240508-en
The signatures, process tree and dropped files on this page come from behavioral2 (the Windows 10 2004 x64 run named under Platform and Resource above); the Windows 7 run is a separate task.
General
Target: 620e5ac154a32ea15f85cda461d23e85_JaffaCakes118.html
Size: 51KB
MD5: 620e5ac154a32ea15f85cda461d23e85
SHA1: caefd90ed6327fd57de117922d41c7aeb4be256e
SHA256: d7a6ea81302b3dc14be90743ba89ec19f4570239c4f36ce04294515e7e4fe1b3
SHA512: 469a4e2c93fc214b55618ef11c7c4a91eba4927eaf702daf18e40df8c172fc490a03ea1aa1e11dfd0e0651f09f8dbb9a803b2266de983a49568c1b15421471d2
SSDEEP: 384:NZFHApXITWDKzXMj2o8UR5UUIfn3sm0V7ZHUa8xWEuepCXAEMHnEwNfBgUg3CUMv:NZFYKDkFGMlkX/72oBOWlE8s6t0G
Malware Config
Signatures
Every IoC below is attributed to msedge.exe or to Edge's own identity_helper.exe, i.e. to the browser that opened the sample; no signature in this report names a process outside the Edge tree (see Processes).

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Chromium-based browsers read these two BIOS values to report the machine's manufacturer and model. Coming from the browser process itself this is routine, and on its own it is not evidence that the sample probes for a virtual machine; the signature deserves attention when a non-browser process issues the same queries.

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   process
  4644  msedge.exe (2 entries)
  4672  msedge.exe (2 entries)
  2024  identity_helper.exe (2 entries)
  2120  msedge.exe (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   process
  4672  msedge.exe (6 entries)
  Raised when a process is created with the "block non-Microsoft binaries" image-load mitigation enabled. The Chromium sandbox applies that policy to the helper processes it launches, so seeing it on the browser process is expected.

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   process
  4672  msedge.exe (25 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   process
  4672  msedge.exe (24 entries)
  Both are window-messaging calls made by the browser's UI process and are normal for an interactive GUI application.

Suspicious use of WriteProcessMemory (64 IoCs)
  description                          pid   process     procid_target
  PID 4672 wrote to memory of 2176     4672  msedge.exe  83
  PID 4672 wrote to memory of 3160     4672  msedge.exe  84
  PID 4672 wrote to memory of 4644     4672  msedge.exe  85
  PID 4672 wrote to memory of 4732     4672  msedge.exe  86
  The report repeats each pair once per write (64 records in total); the four rows above are the only distinct parent/child pairs. Every target is a child that 4672 had just created (the crash handler, the first GPU process, the network service and the storage service in Processes). Process creation on Windows has the parent write the startup parameters into the new process, and the Chromium sandbox broker additionally copies its policy into each helper it starts, so this is process creation rather than injection into an unrelated process.
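The WriteProcessMemory table above is rendered as one flattened run of records, which is why the four distinct pairs are hard to see. The following script is an added example, not code from tria.ge or from this report: it parses records in exactly the form the table uses, collapses the repeats into per-pair counts, and resolves each child PID against the process list so that a write into anything other than an expected Edge helper stands out. The allow-list of expected child images is my assumption, and one record (PID 9999 → powershell.exe) is constructed to exercise the flag; it does not occur in the report.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# One record of the "Suspicious use of WriteProcessMemory" table as Triage renders it:
#   PID <parent> wrote to memory of <child> <parent> <parent image> <procid_target>
RECORD = re.compile(
    r"PID (?P<parent>\d+) wrote to memory of (?P<child>\d+) "
    r"(?P<parent2>\d+) (?P<image>\S+) (?P<target_row>\d+)"
)

# Assumption: the parent images whose writes into new children are routine, and the
# child images a Chromium/Edge browser process is expected to create on Windows.
BROWSER_BROKERS = {"msedge.exe"}
EXPECTED_CHILDREN = {"msedge.exe", "identity_helper.exe"}

# Records copied from this report (one or two of each distinct pair; the report
# repeats each pair once per write) plus ONE constructed record, marked below.
SAMPLE_RECORDS = (
    "PID 4672 wrote to memory of 2176 4672 msedge.exe 83 "
    "PID 4672 wrote to memory of 2176 4672 msedge.exe 83 "
    "PID 4672 wrote to memory of 3160 4672 msedge.exe 84 "
    "PID 4672 wrote to memory of 3160 4672 msedge.exe 84 "
    "PID 4672 wrote to memory of 4644 4672 msedge.exe 85 "
    "PID 4672 wrote to memory of 4732 4672 msedge.exe 86 "
    "PID 4672 wrote to memory of 9999 4672 msedge.exe 99 "  # constructed, not in the report
)

# PID -> image path, taken from the Processes section of the report; 9999 is constructed.
EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
SAMPLE_PIDS = {
    4672: EDGE,
    2176: EDGE,
    3160: EDGE,
    4644: EDGE,
    4732: EDGE,
    9999: r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",  # constructed
}


def parse_records(text):
    """Turn the flattened table text into (parent, child, parent_image) edges."""
    edges = []
    for m in RECORD.finditer(text):
        # The parent PID appears twice per record; a mismatch means the text was mangled.
        if m["parent"] != m["parent2"]:
            raise ValueError(f"malformed record: {m.group(0)!r}")
        edges.append((int(m["parent"]), int(m["child"]), m["image"]))
    return edges


def summarize(edges, pid_to_image):
    """Collapse repeated edges into per-pair counts and flag unexpected children.

    A child whose PID cannot be resolved is flagged too: an unknown target is
    exactly the case that needs a second look.
    """
    counts = Counter(edges)
    rows = []
    for (parent, child, parent_image), writes in sorted(counts.items()):
        child_image = pid_to_image.get(child, "")
        child_name = PureWindowsPath(child_image).name.lower()
        suspicious = (parent_image.lower() in BROWSER_BROKERS
                      and child_name not in EXPECTED_CHILDREN)
        rows.append({
            "parent": parent,
            "child": child,
            "writes": writes,
            "child_image": child_image or "<unresolved>",
            "suspicious": suspicious,
        })
    return rows


if __name__ == "__main__":
    for row in summarize(parse_records(SAMPLE_RECORDS), SAMPLE_PIDS):
        marker = "!!" if row["suspicious"] else "  "
        print(f"{marker} {row['parent']} -> {row['child']:<5} x{row['writes']:<3} {row['child_image']}")
```

Run against the real report every row resolves to msedge.exe and nothing is flagged; only the constructed PowerShell child and any PID missing from the process list produce a "!!" line.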
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\620e5ac154a32ea15f85cda461d23e85_JaffaCakes118.html
  PID: 4672 (browser process)
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe32e546f8,0x7ffe32e54708,0x7ffe32e54718
      PID: 2176 (crashpad handler)

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,9845642082110129506,6795216524208150899,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
      PID: 3160 (GPU process, sandboxed)

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,9845642082110129506,6795216524208150899,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
      PID: 4644 (network service)
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,9845642082110129506,6795216524208150899,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
      PID: 4732 (storage service)

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9845642082110129506,6795216524208150899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
      PID: 3312 (renderer)

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9845642082110129506,6795216524208150899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
      PID: 2108 (renderer)

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,9845642082110129506,6795216524208150899,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
      PID: 4620 (identity helper)

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,9845642082110129506,6795216524208150899,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
      PID: 2024 (identity helper, second instance with the same command line)
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9845642082110129506,6795216524208150899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
      PID: 1264 (renderer)

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9845642082110129506,6795216524208150899,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
      PID: 5000 (renderer, instant process)

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9845642082110129506,6795216524208150899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
      PID: 4456 (renderer)

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9845642082110129506,6795216524208150899,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
      PID: 4412 (renderer, instant process)

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,9845642082110129506,6795216524208150899,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1368 /prefetch:2
      PID: 2120 (second GPU process, started with --disable-gpu-sandbox and --use-gl=disabled; the first GPU process, PID 3160, ran with the sandbox on)
      - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3616

C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4724

Both CompPkgSrv.exe instances are top-level COM servers started by COM activation (the -Embedding switch), not children of Edge. Every child of PID 4672 carries the same --field-trial-handle value, i.e. all belong to the one browser session that opened the sample.
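Reading a Chromium process tree by hand means checking the same few switches on every line: which role --type gives the process, whether it was started with --no-sandbox or --disable-gpu-sandbox, which utilities run with --service-sandbox-type=none, and whether every child shares the browser's --field-trial-handle. The script below is an added example (not tria.ge code) that does those checks over command lines abridged from the Processes section above (the long --gpu-preferences and most crashpad --annotation values are dropped). The allow-list of expected image names is my assumption; everything else is read from the command lines.

```python
from collections import Counter
from pathlib import PureWindowsPath

# Assumption: the only images a Microsoft Edge browser process should be launching.
EXPECTED_IMAGES = {"msedge.exe", "identity_helper.exe"}

# (pid, command line) pairs abridged from this report's Processes section.
SAMPLE_TREE = [
    (4672, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\620e5ac154a32ea15f85cda461d23e85_JaffaCakes118.html'),
    (2176, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --annotation=ver=92.0.902.67'),
    (3160, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,9845642082110129506,6795216524208150899,131072 --mojo-platform-channel-handle=2124 /prefetch:2'),
    (4644, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,9845642082110129506,6795216524208150899,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3'),
    (4732, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,9845642082110129506,6795216524208150899,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8'),
    (3312, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9845642082110129506,6795216524208150899,131072 --lang=en-US --disable-client-side-phishing-detection --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1'),
    (2024, r'"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,9845642082110129506,6795216524208150899,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8'),
    (2120, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,9845642082110129506,6795216524208150899,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-driver-version=10.0.19041.546 --mojo-platform-channel-handle=1368 /prefetch:2'),
]


def tokenize(cmdline):
    """Split a Windows command line on whitespace, keeping double-quoted spans together."""
    tokens, current, quoted = [], [], False
    for ch in cmdline:
        if ch == '"':
            quoted = not quoted          # quotes delimit, they are not part of the token
        elif ch.isspace() and not quoted:
            if current:
                tokens.append("".join(current))
                current = []
        else:
            current.append(ch)
    if current:
        tokens.append("".join(current))
    return tokens


def parse_cmdline(cmdline):
    """Return (image, {switch: value}, positional) for a Chromium-style command line.

    Bare --switches get an empty value; anything not starting with "--" (the
    sample path, /prefetch:N) is kept as a positional argument.
    """
    tokens = tokenize(cmdline)
    image, switches, positional = tokens[0], {}, []
    for tok in tokens[1:]:
        if tok.startswith("--"):
            name, _, value = tok[2:].partition("=")
            switches[name] = value
        else:
            positional.append(tok)
    return image, switches, positional


def audit_tree(entries):
    """Count process roles and list the sandbox-relevant observations for a tree."""
    roles, notes, sessions = Counter(), [], set()
    for pid, cmdline in entries:
        image, sw, _ = parse_cmdline(cmdline)
        role = sw.get("type", "browser")   # the broker/browser process has no --type
        roles[role] += 1
        if PureWindowsPath(image).name.lower() not in EXPECTED_IMAGES:
            notes.append(f"{pid}: unexpected image {image}")
        if "field-trial-handle" in sw:
            sessions.add(sw["field-trial-handle"])
        if role == "gpu-process" and "disable-gpu-sandbox" in sw:
            notes.append(f"{pid}: GPU process running with its sandbox disabled")
        if role == "renderer" and "no-sandbox" in sw:
            notes.append(f"{pid}: renderer started with --no-sandbox")
        if sw.get("service-sandbox-type") == "none":
            notes.append(f"{pid}: unsandboxed utility {sw.get('utility-sub-type', '?')}")
    if len(sessions) > 1:
        notes.append(f"children belong to {len(sessions)} distinct browser sessions")
    return {"roles": dict(roles), "sessions": len(sessions), "notes": notes}


if __name__ == "__main__":
    result = audit_tree(SAMPLE_TREE)
    print(result["roles"], "sessions:", result["sessions"])
    for note in result["notes"]:
        print(" -", note)
```

On this report the audit returns one session, two GPU processes (the second one flagged for --disable-gpu-sandbox) and two unsandboxed utilities, the network service and the WinRT identity helper; no unexpected image and no renderer without a sandbox. A renderer carrying --no-sandbox, a child image outside the Edge install directory, or children with a second --field-trial-handle value would each be a reason to look closer.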
Network
MITRE ATT&CK Enterprise v15
Downloads
1. Filesize: 152B
   MD5: 56641592f6e69f5f5fb06f2319384490
   SHA1: 6a86be42e2c6d26b7830ad9f4e2627995fd91069
   SHA256: 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455
   SHA512: c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

2. Filesize: 152B
   MD5: 612a6c4247ef652299b376221c984213
   SHA1: d306f3b16bde39708aa862aee372345feb559750
   SHA256: 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a
   SHA512: 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

3. Filesize: 5KB
   MD5: 04c16e08009480f5713fc828108a6531
   SHA1: 4bd762b9ae62737edb2d16861f4e5782dca8f050
   SHA256: 8fc8c6573c7ad49c664122a2e448f64ede771a3af611db412abbdaa15c0db969
   SHA512: 888603b5aaaa04c658defc0dac5b36115228c7e16e038e78ec6e33e1dc6a47cc9e46728a7c6b217e28d2e1157c08d7ad867b75c5e24017bc6f0c3908846f22c9

4. Filesize: 6KB
   MD5: 3f569ac07c28d8f45c9c9f5aa8854933
   SHA1: 6a5550eb8db2f57cfdc2b7ff883928fa68142ff5
   SHA256: f19a1f4fbfa67526307baa739f1f12a19d6ac305200a42d7d87d69ba78c2e030
   SHA512: e23906dca768ee316a1e434737baa04f18e458834c5fc98bf81f48ab0abf11ea3af87fbccb5981bed72317a3ed33b2969a00ab3757283f9bf46d48585baad971

5. Filesize: 16B
   MD5: 46295cac801e5d4857d09837238a6394
   SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
   SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
   SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

6. Filesize: 16B
   MD5: 206702161f94c5cd39fadd03f4014d98
   SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
   SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
   SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

7. Filesize: 11KB
   MD5: d8f1d2933f0f98a920a02fd3b5f7e58b
   SHA1: 955637c3ad83d3adc573ccfff8ab48cc961704fa
   SHA256: 7346786cc0aeee0c467a833385244a49fbe8cfea96d1e085c81ff5205f449708
   SHA512: e1ad8ffcbe8d1e7125fb95d732b62f74ca592a25827384bbb90f06296d781d89c814d28c33357eb9c1c4164cd5850a9913858a7e4debf423d40ea596d34f9e27