Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 148s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 21/05/2024, 08:18
Static task: static1
Behavioral task: behavioral1
- Sample: 62a1a739cbbccb3d0384627d2600bacb_JaffaCakes118.html
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 62a1a739cbbccb3d0384627d2600bacb_JaffaCakes118.html
- Resource: win10v2004-20240426-en
The results on this page are from behavioral2 (platform windows10-2004_x64, resource win10v2004-20240426-en); the Windows 7 run is a separate task.
General
- Target: 62a1a739cbbccb3d0384627d2600bacb_JaffaCakes118.html
- Size: 27KB
- MD5: 62a1a739cbbccb3d0384627d2600bacb
- SHA1: 1a1065067d7a17d6945886a5e5730af3433f35c3
- SHA256: 76948f43cb34051c9f33a3dfbde32228c625d456d187dd9c6e22813b768a73df
- SHA512: f29a2fdf210772f82553f0a32c8febb4b79437deeae9c99df3d328cce33ac9a379b22a910e3b730c38cac8be134be7a654ed744587d32dd425608f053ba13b20
- SSDEEP: 768:SGzdsFqvfudlQVV1C5m1CCCcmzm3C/CnCQGjiNP8CgekCFz2:SYdsFqvfug1C5m1CCCcmzm3C/CnCQ10n
Malware Config
Signatures
Every signature below fired on the Microsoft Edge process tree that opened the sample: the browser process (PID 2844) and the children it spawned. No process outside Edge, its identity_helper.exe, and two CompPkgSrv.exe COM hosts appears in this run, and no malware configuration was extracted. A Chromium-based browser writes into each child it launches while setting up the child's sandbox, so the WriteProcessMemory, FindShellTrayWindow and SendNotifyMessage hits on PID 2844 are expected browser behaviour on their own; they would only matter if a target PID were not one of the browser's own children.

- Enumerates system info in registry (2 TTPs, 3 IoCs)
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  - PID 2264 msedge.exe: 2 hits
  - PID 2844 msedge.exe: 2 hits
  - PID 4996 identity_helper.exe: 2 hits
  - PID 4856 msedge.exe: 4 hits
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  - PID 2844 msedge.exe: 6 hits
- Suspicious use of FindShellTrayWindow (25 IoCs)
  - PID 2844 msedge.exe: 25 hits
- Suspicious use of SendNotifyMessage (24 IoCs)
  - PID 2844 msedge.exe: 24 hits
- Suspicious use of WriteProcessMemory (64 IoCs; columns: source PID, source process, target PID, procid_target)
  - 2844 msedge.exe wrote to memory of 4800 (procid_target 83): 2 rows; target is the crashpad-handler child
  - 2844 msedge.exe wrote to memory of 4344 (procid_target 84): 40 rows; target is the first gpu-process child
  - 2844 msedge.exe wrote to memory of 2264 (procid_target 85): 2 rows; target is the network.mojom.NetworkService utility child
  - 2844 msedge.exe wrote to memory of 688 (procid_target 86): 20 rows; target is the storage.mojom.StorageService utility child
Processes
Top-level processes are listed at the first level; their children are indented beneath them. The second gpu-process (PID 4856) runs with --disable-gpu-sandbox --use-gl=disabled, Chromium's fallback after GPU initialisation fails, which is normal inside a virtual machine without a usable GPU.

- PID 2844: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\62a1a739cbbccb3d0384627d2600bacb_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - PID 4800: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee1a946f8,0x7ffee1a94708,0x7ffee1a94718
  - PID 4344: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,13122217450734957863,7980049151960827995,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  - PID 2264: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,13122217450734957863,7980049151960827995,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 688: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,13122217450734957863,7980049151960827995,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  - PID 436: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13122217450734957863,7980049151960827995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  - PID 2316: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13122217450734957863,7980049151960827995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  - PID 3656: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,13122217450734957863,7980049151960827995,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 /prefetch:8
  - PID 4996: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,13122217450734957863,7980049151960827995,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 2308: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13122217450734957863,7980049151960827995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  - PID 3452: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13122217450734957863,7980049151960827995,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  - PID 1064: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13122217450734957863,7980049151960827995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  - PID 1756: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13122217450734957863,7980049151960827995,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  - PID 4856: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,13122217450734957863,7980049151960827995,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2324 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- PID 1156: C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID 3152: C:\Windows\System32\CompPkgSrv.exe -Embedding
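The check that makes the WriteProcessMemory signature above useful is whether each target PID is a child the writer itself spawned. The following script is an added example written for this report, not tria.ge tooling: it parses the process tree and IoC rows in the layout the report uses (rows copied from the report with command lines trimmed to the switches inspected), assigns each target its Chromium role from its --type switches, and flags any write whose target the writer did not launch. HYPOTHETICAL_ROW is a constructed row, not in the report, showing how such a write would surface.

```python
"""Join the report's WriteProcessMemory rows with its process tree.

Added example for this report, not tria.ge code. PROCESS_ROWS and WPM_ROWS are
copied from the report above (command lines trimmed to the switches inspected);
HYPOTHETICAL_ROW is constructed to show what an unexpected write looks like.
"""
import re
from collections import Counter

# (depth, pid, command line). Depth 1 = top-level process, depth 2 = child of
# the most recent depth-1 process, as in the report's Processes section.
PROCESS_ROWS = [
    (1, 2844, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\62a1a739cbbccb3d0384627d2600bacb_JaffaCakes118.html'),
    (2, 4800, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler /prefetch:7'),
    (2, 4344, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process /prefetch:2'),
    (2, 2264, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none /prefetch:3'),
    (2, 688, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility /prefetch:8'),
    (2, 436, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --renderer-client-id=6 /prefetch:1'),
    (2, 4996, r'"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none /prefetch:8'),
    (1, 1156, r'C:\Windows\System32\CompPkgSrv.exe -Embedding'),
]

# "Suspicious use of WriteProcessMemory" rows in the report's own layout:
# source PID, target PID, source PID again, source image, procid_target index.
WPM_ROWS = [
    "PID 2844 wrote to memory of 4800 2844 msedge.exe 83",
    "PID 2844 wrote to memory of 4800 2844 msedge.exe 83",
    "PID 2844 wrote to memory of 4344 2844 msedge.exe 84",
    "PID 2844 wrote to memory of 4344 2844 msedge.exe 84",
    "PID 2844 wrote to memory of 2264 2844 msedge.exe 85",
    "PID 2844 wrote to memory of 688 2844 msedge.exe 86",
]
# Constructed, NOT in the report: a write into CompPkgSrv.exe, which Edge did not spawn.
HYPOTHETICAL_ROW = "PID 2844 wrote to memory of 1156 2844 msedge.exe 90"

WPM_PATTERN = re.compile(r"PID (\d+) wrote to memory of (\d+) \1 (\S+) (\d+)")
FLAG_PATTERN = re.compile(r"--([\w-]+)=(\S+)")


def parse_process_tree(rows):
    """Map pid -> image name, parent pid and Chromium role (--type / sub-type / sandbox)."""
    tree, current_top = {}, None
    for depth, pid, cmdline in rows:
        quoted = re.match(r'"([^"]+)"', cmdline)
        image_path = quoted.group(1) if quoted else cmdline.split()[0]
        flags = dict(FLAG_PATTERN.findall(cmdline))
        tree[pid] = {
            "image": image_path.rsplit("\\", 1)[-1],
            "parent": None if depth == 1 else current_top,
            "type": flags.get("type", "browser"),  # no --type switch = the browser process
            "subtype": flags.get("utility-sub-type"),
            "sandbox": flags.get("service-sandbox-type"),
        }
        if depth == 1:
            current_top = pid
    return tree


def parse_wpm_rows(rows):
    """Return (source_pid, target_pid, source_image, procid_target) per row; reject junk."""
    parsed = []
    for row in rows:
        m = WPM_PATTERN.fullmatch(row.strip())
        if m is None:
            raise ValueError(f"unrecognised WriteProcessMemory row: {row!r}")
        parsed.append((int(m.group(1)), int(m.group(2)), m.group(3), int(m.group(4))))
    return parsed


def summarize_writes(tree, writes):
    """Per (writer, target): row count, target image and role, and whether the
    writer is the target's parent. A browser writing into children it just
    spawned is how Chromium sets up their sandbox; any other target deserves a look."""
    counts = Counter((src, dst) for src, dst, _, _ in writes)
    summary = {}
    for (src, dst), n in counts.items():
        info = tree.get(dst)
        role = "not in process tree"
        if info:
            role = info["type"] + (f":{info['subtype']}" if info["subtype"] else "")
        summary[(src, dst)] = {
            "count": n,
            "image": info["image"] if info else None,
            "role": role,
            "writer_is_parent": bool(info) and info["parent"] == src,
        }
    return summary


def unexpected_targets(summary):
    """(writer, target) pairs where the writer did not spawn the target."""
    return sorted(k for k, v in summary.items() if not v["writer_is_parent"])


if __name__ == "__main__":
    tree = parse_process_tree(PROCESS_ROWS)
    rows = parse_wpm_rows(WPM_ROWS + [HYPOTHETICAL_ROW])
    for (src, dst), s in summarize_writes(tree, rows).items():
        flag = "" if s["writer_is_parent"] else "   <-- writer is not the parent"
        print(f"{src} -> {dst:>5}  x{s['count']:<2} {s['image']} [{s['role']}]{flag}")
```

Run on the report's rows alone, every target resolves to a child of PID 2844 and unexpected_targets() is empty; only the constructed row against CompPkgSrv.exe (a top-level COM host, not an Edge child) is flagged. The same join works on the full 64-row table by pasting the rows into WPM_ROWS.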
Network
MITRE ATT&CK Enterprise v15
Downloads
The two CryptnetUrlCache\MetaData entries are written by Windows CryptoAPI when it fetches certificate-chain data (CRLs, OCSP responses, intermediate certificates) over the network; they are operating-system artefacts, not files the sample itself downloaded. The report shows no path for the remaining entries.

- Filesize: 1KB
  MD5: 55540a230bdab55187a841cfe1aa1545
  SHA1: 363e4734f757bdeb89868efe94907774a327695e
  SHA256: d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
  SHA512: c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
  Filesize: 230B
  MD5: a588111a5bc8e396297da8911b64a0cc
  SHA1: 367d2fc69f47f99dd6a4e33ed010250e95c3d1e7
  SHA256: c0c4c40a98864ce4ba2e5b2204fb4934b3ac2b7c09ff28a92cf8673b9449a4f9
  SHA512: e5cc5213050a421c945f572fab1de22c1776a4623df1207ef91091de525e1cfaf23f3f16838cbad3be952da9872bc8b03ea2bdac632926eaf5012ab57b369c02
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
  Filesize: 330B
  MD5: 059b30262a87e3f2aba10f90afb7c508
  SHA1: 582ebc3973f87868bb1f4e002eb18fe10b8b7f8d
  SHA256: fd33dcb898d98409f7e449d3fc486af0a18e796f8dd4086d18c0fdd0905e5cc3
  SHA512: 23d5febf35782e9b8cc0487eaef123beda52fc864e859a3aefffabd3895c3afb570967a0b3c23729fd7ec4b8f9f3c14396ce4194e20e685d810f39ccc74cd86e
- Filesize: 152B
  MD5: c9c4c494f8fba32d95ba2125f00586a3
  SHA1: 8a600205528aef7953144f1cf6f7a5115e3611de
  SHA256: a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b
  SHA512: 9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d
- Filesize: 152B
  MD5: 4dc6fc5e708279a3310fe55d9c44743d
  SHA1: a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2
  SHA256: a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8
  SHA512: 5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13
- Filesize: 508B
  MD5: 27fa397400cc6ff3b0c13f28dd7eeac9
  SHA1: 41cf68241a4d28d3182af99bf7fc707d25a384b3
  SHA256: bdc8a58b8b01834bb241fd652c28afc4ea8fd1ddebaeedd118b511e09a0b8abf
  SHA512: 57a002bd6a1e2ac4be4c64a4cd052d328b5ae19f95233167af3787d86dfe0f8f2990ce78fc0597e0507be41e3276fff27ff1488fcd183784ebef0bc3ba4188fc
- Filesize: 5KB
  MD5: 71f3b241e716a05bb1746593cb810bc6
  SHA1: 1dcab22d89095c9c81a6e960f129841133a396b5
  SHA256: 47829ba685ad3130a72c0e4f712e3aac2eb761f69562b3989f54653105f7e8fd
  SHA512: 38517e659d11fa724c3f675c086a1560ee77f13cff90847e7450cd50e89448f5a57e164adfd347ed02d151965672bfdb8a33feffd888e9a6d9f887351e45986e
- Filesize: 6KB
  MD5: 384ee067d96ef9ec417ab6719c7e43b8
  SHA1: 1477ba16e22015f28fb9297f5e6fba30ab0f28bd
  SHA256: c0bad6d2b85ff3b2efefd71cc865b8f09994b98f9a1eaf5c03799e605f0890e9
  SHA512: 7ca484df599947eea9cd31fa54749b915bd2dd8dd56fdf506ca4d8a4af89a99acf41eea48858d1d73c03b43a3a6e1b9161d6651588a0e25a034cee75de5816f6
- Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
- Filesize: 16B
  MD5: 206702161f94c5cd39fadd03f4014d98
  SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
- Filesize: 11KB
  MD5: 29cdd00fb2b9fc612a3c258bcb62a8fa
  SHA1: 66aef2fb06a896480565b54750dca9ddfd6f0b15
  SHA256: ffc1cd3f5c0088ee36ebc528088516a596948e535c1ad842d683b779cbf17956
  SHA512: 153e70c615af85b7384a7fe1152e9ee595d1d574a1a4c9255d5f753a5ca4dc1a995dcdf8afd2c4d0eb7d510cba4b453bf5414852a9ef2ccbffd92f7c2654f0c0