Analysis
- max time kernel: 145s
- max time network: 130s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 22/05/2024, 21:32
Static task
- static1
Behavioral task behavioral1
- Sample: 68b4845dd776466f1e6fe75b7413c7f6_JaffaCakes118.html
- Resource: win7-20240419-en
Behavioral task behavioral2 (the run reported on this page)
- Sample: 68b4845dd776466f1e6fe75b7413c7f6_JaffaCakes118.html
- Resource: win10v2004-20240508-en
General
- Target: 68b4845dd776466f1e6fe75b7413c7f6_JaffaCakes118.html
- Size: 117KB
- MD5: 68b4845dd776466f1e6fe75b7413c7f6
- SHA1: 586db35add11edfae5069129f4665da8fc7f6643
- SHA256: 34eb9174ca0b5edc579b5a50444e6851d41e768fa74edff907dfecb2c56e5905
- SHA512: 05f8800b6a72025bbb8818d7f49d47331d3ba42b1d9531cc9c0617c733004a213eebe9bb1f7b1289a6c1deaa973a72a7e73087da62fe39eb68776ba0e258745c
- SSDEEP: 1536:SgwIXyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dGL:SCyfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  These BIOS keys are the usual place to look for virtualization vendor strings, which is why the signature fires. Here all three reads are made by msedge.exe itself and are consistent with Chromium's own hardware-model lookup, so on its own this signature does not show the HTML sample fingerprinting the sandbox.
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  2688  msedge.exe (2 events)
  1428  msedge.exe (2 events)
  3560  identity_helper.exe (2 events)
  1692  msedge.exe (4 events)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process
  1428  msedge.exe (6 events)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  1428  msedge.exe (25 events)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  1428  msedge.exe (24 events)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target
  PID 1428 wrote to memory of 1012  1428  msedge.exe  83  (2 events)
  PID 1428 wrote to memory of 4596  1428  msedge.exe  84
  PID 1428 wrote to memory of 2688  1428  msedge.exe  85  (2 events)
  PID 1428 wrote to memory of 1584  1428  msedge.exe  86
  The remaining 60 events are repeats of the 4596 and 1584 rows. Every write originates from the browser process (PID 1428) and targets one of four helpers it launched itself: 1012 (crashpad-handler), 4596 (gpu-process), 2688 (network service) and 1584 (storage service); see the process list below. A Chromium-based browser writing into children it has just created is part of its normal process launch, so this signature on its own does not show code injection by the HTML sample. A write into a process outside the Edge install directory, or into a process with no --type= role, would be the thing to investigate.
Processes
- PID 1428  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\68b4845dd776466f1e6fe75b7413c7f6_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - PID 1012 (child of 1428)  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc19cc46f8,0x7ffc19cc4708,0x7ffc19cc4718
  - PID 4596 (child of 1428)  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,11835884692074751065,18232040351367615905,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  - PID 2688 (child of 1428)  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,11835884692074751065,18232040351367615905,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 1584 (child of 1428)  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,11835884692074751065,18232040351367615905,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2596 /prefetch:8
  - PID 1260 (child of 1428)  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11835884692074751065,18232040351367615905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  - PID 2396 (child of 1428)  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11835884692074751065,18232040351367615905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  - PID 3188 (child of 1428)  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,11835884692074751065,18232040351367615905,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4780 /prefetch:8
  - PID 3560 (child of 1428)  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,11835884692074751065,18232040351367615905,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4780 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 632 (child of 1428)  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11835884692074751065,18232040351367615905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  - PID 4512 (child of 1428)  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11835884692074751065,18232040351367615905,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  - PID 1388 (child of 1428)  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11835884692074751065,18232040351367615905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  - PID 4728 (child of 1428)  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11835884692074751065,18232040351367615905,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  - PID 1692 (child of 1428)  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,11835884692074751065,18232040351367615905,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5304 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- PID 5032  C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID 3328  C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
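The WriteProcessMemory signature and the process list above can be triaged mechanically. The script below is an added example (editorial code, not part of this report or of tria.ge's tooling): it parses the report's "PID A wrote to memory of B" records, joins each target PID to its command line from the process list, and marks a target as expected only when it is a helper the writing browser launched itself (image in the same Edge install directory and a --type= role). The event list is an abbreviated excerpt of the report's 64 records with command lines shortened to the flags the checks use; target PID 9999 and its notepad.exe command line are constructed, not from the report, and exist only to show what an unexpected target looks like.

```python
"""Triage 'Suspicious use of WriteProcessMemory' records from a tria.ge report.

Added example, not the report's or tria.ge's own code. A Chromium-based browser
launches every helper (gpu-process, network service, renderers, ...) from the
browser process, and that launch path writes into the child, so msedge.exe
writing only into its own --type=... children is the browser's process model,
not injection by the sample. Anything else is what a reviewer should look at.
"""
import ntpath
import re
from collections import Counter

# Excerpt of the report's records (same row format as the report) plus ONE
# constructed record, target 9999, which is NOT in the report.
WRITE_EVENTS = """
PID 1428 wrote to memory of 1012 1428 msedge.exe 83
PID 1428 wrote to memory of 1012 1428 msedge.exe 83
PID 1428 wrote to memory of 4596 1428 msedge.exe 84
PID 1428 wrote to memory of 4596 1428 msedge.exe 84
PID 1428 wrote to memory of 4596 1428 msedge.exe 84
PID 1428 wrote to memory of 2688 1428 msedge.exe 85
PID 1428 wrote to memory of 2688 1428 msedge.exe 85
PID 1428 wrote to memory of 1584 1428 msedge.exe 86
PID 1428 wrote to memory of 1584 1428 msedge.exe 86
PID 1428 wrote to memory of 9999 1428 msedge.exe 90
"""

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application"


def cmd(path, args=""):
    """Quote the image path the way the report prints command lines."""
    return f'"{path}" {args}'.strip()


# Command lines from the report's process list, shortened to the flags used
# below, keyed by PID. Entry 9999 is constructed (not in the report).
PROCESSES = {
    1428: cmd(EDGE + r"\msedge.exe", r"--single-argument C:\Users\Admin\AppData\Local\Temp\68b4845dd776466f1e6fe75b7413c7f6_JaffaCakes118.html"),
    1012: cmd(EDGE + r"\msedge.exe", "--type=crashpad-handler"),
    4596: cmd(EDGE + r"\msedge.exe", "--type=gpu-process"),
    2688: cmd(EDGE + r"\msedge.exe", "--type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none"),
    1584: cmd(EDGE + r"\msedge.exe", "--type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility"),
    3560: cmd(EDGE + r"\92.0.902.67\identity_helper.exe", "--type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none"),
    9999: cmd(r"C:\Windows\System32\notepad.exe"),  # constructed non-browser target
}

EVENT_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")


def parse_write_events(text):
    """Rows 'PID A wrote to memory of B  A image procid_target' -> dicts."""
    return [
        {"src": int(src), "dst": int(dst), "image": image, "procid_target": int(target)}
        for src, dst, _pid, image, target in EVENT_RE.findall(text)
    ]


def image_of(cmdline):
    """Executable path from a quoted or unquoted Windows command line."""
    if cmdline.startswith('"'):
        return cmdline[1:cmdline.index('"', 1)]
    return cmdline.split(" ", 1)[0]


def chromium_role(cmdline):
    """'--type=' role, refined by '--utility-sub-type=' when present, else None."""
    m = re.search(r"--type=(\S+)", cmdline)
    if not m:
        return None
    sub = re.search(r"--utility-sub-type=(\S+)", cmdline)
    return f"{m.group(1)}/{sub.group(1)}" if sub else m.group(1)


def sandbox_type(cmdline):
    """Value of --service-sandbox-type= (utility processes only), else None."""
    m = re.search(r"--service-sandbox-type=(\S+)", cmdline)
    return m.group(1) if m else None


def classify_targets(events, processes):
    """Per target PID: write count, image, role, sandbox flag, and whether the
    target is a helper of the writing browser (same install dir + --type= role)."""
    counts = Counter(e["dst"] for e in events)
    out = {}
    for e in events:
        dst = e["dst"]
        if dst in out:
            continue
        child, parent = processes.get(dst), processes.get(e["src"])
        role = chromium_role(child) if child else None
        same_install = bool(child and parent and ntpath.dirname(image_of(child)).lower()
                            .startswith(ntpath.dirname(image_of(parent)).lower()))
        out[dst] = {
            "writes": counts[dst],
            "image": image_of(child) if child else None,
            "role": role,
            "sandbox": sandbox_type(child) if child else None,
            "expected": same_install and role is not None,
        }
    return out


def unexpected_targets(events, processes):
    """Target PIDs that are not the browser's own helpers: the ones to look at."""
    return [pid for pid, info in classify_targets(events, processes).items() if not info["expected"]]


if __name__ == "__main__":
    events = parse_write_events(WRITE_EVENTS)
    for pid, info in classify_targets(events, PROCESSES).items():
        tag = "ok  " if info["expected"] else "LOOK"
        print(f'{tag} {pid:5d} writes={info["writes"]:2d} role={info["role"]} sandbox={info["sandbox"]} image={info["image"]}')
    print("unexpected targets:", unexpected_targets(events, PROCESSES))
```

On the report's own data every target is a helper of PID 1428, so only the constructed PID 9999 is flagged. The sandbox column is worth reading alongside the verdict: the network service and identity_helper run with --service-sandbox-type=none, while the --type=renderer processes that actually parse the HTML carry no such flag and run under Chromium's default renderer sandbox.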
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: ce4c898f8fc7601e2fbc252fdadb5115
  SHA1: 01bf06badc5da353e539c7c07527d30dccc55a91
  SHA256: bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
  SHA512: 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c
- Filesize: 152B
  MD5: 4158365912175436289496136e7912c2
  SHA1: 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
  SHA256: 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
  SHA512: 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b
- Filesize: 5KB
  MD5: 56b433a92908cf174cf749fa0755e8d7
  SHA1: 4bc1095f2263f570097cfeb3493e6d64c2f1f979
  SHA256: 2bec0d1008aff30df9f93cd10858300b570a69736331344c0ca0f72f925826d9
  SHA512: ca59a4b69c5b1a3b1bfa003c05ce38a0cd0294d560cbabf17083aafdf4fd1c7528a08e3ac71a42335dcec1d0bdb346a07247a354e6020ac851c1fbacc1158970
- Filesize: 6KB
  MD5: b41d4be9a853ff4c5e49bb004872c4ec
  SHA1: 5c9e02f22f7a7e5e77fb90cf99a7d9fc0cd44a5b
  SHA256: fe2b9aa72b572eb4231365c9aa982c1eeff3f2f3c8cd685cfd86782c449c72ac
  SHA512: 80aa70dc2b17d69d0f103a44302b54202740d2d1beb635645e85b0d86e04dc50731607cb615bb0917077d0c496757b2f3ede9dd2e1b3ef22172935ae08d97757
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: aaab407b32d3d9ec9d98d316c535c844
  SHA1: e7c791c9669dc382426c613501d31b20230fdf89
  SHA256: 8ef369caec9d4c487906294fa2250e74b79cb241787f67ee5ef6b416b14645b6
  SHA512: 72d027c272f78938f7183de7fff48fce3423cb520fda304015a5d8ff9d515a061863d38b92c6faaabb732a1deb19eca3fecb114a89d81002c0a09cb666736e84