Analysis
max time kernel: 145s
max time network: 139s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22/05/2024, 07:04
Static task: static1
Behavioral task: behavioral1
  Sample: 66684f828b6905c43c4e5a2028f1bad4_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 66684f828b6905c43c4e5a2028f1bad4_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 66684f828b6905c43c4e5a2028f1bad4_JaffaCakes118.html
Size: 184KB
MD5: 66684f828b6905c43c4e5a2028f1bad4
SHA1: 4fa047d08392c7d9b58963f24791ee055d666b29
SHA256: b7aa351747f849646ade399d7ffb223aadb02ce25c10009ad1bfed343aac620f
SHA512: 684e9f876b800d05ef0650c4f904aa366fd62c42e7eaed5b4e94e809e4e0a2d85c27563a55dbbb9dcf7e614b9f8648aaef26af03bedb03c75f1cfe813e7b8bf2
SSDEEP: 1536:KMiYiHhzv/njbO6QVL80E7sTWRfa7m6gblrd3D8ihZ697/GXmNJ0zIf7iK34FPgH:KzhjjvG83m/GXmNJ0zC349T9illtxVR
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe
- Suspicious behavior: EnumeratesProcesses (11 IoCs)
  pid   Process
  5080  msedge.exe (2 entries)
  624   msedge.exe (3 entries)
  4476  identity_helper.exe (2 entries)
  1196  msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (11 IoCs)
  pid   Process
  624   msedge.exe (11 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  624   msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  624   msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description                        pid   Process     procid_target
  PID 624 wrote to memory of 4312    624   msedge.exe  82
  PID 624 wrote to memory of 400     624   msedge.exe  83
  PID 624 wrote to memory of 5080    624   msedge.exe  84
  PID 624 wrote to memory of 3940    624   msedge.exe  85
  (64 entries in total; each row above is repeated for every write recorded into that target PID)
Processes
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\66684f828b6905c43c4e5a2028f1bad4_JaffaCakes118.html
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:624
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffefd5946f8,0x7ffefd594708,0x7ffefd594718
  PID:4312
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,4966962643635697144,11433298274898960233,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  PID:400
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,4966962643635697144,11433298274898960233,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses
  PID:5080
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,4966962643635697144,11433298274898960233,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  PID:3940
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4966962643635697144,11433298274898960233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  PID:2592
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4966962643635697144,11433298274898960233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  PID:3076
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4966962643635697144,11433298274898960233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  PID:4068
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4966962643635697144,11433298274898960233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  PID:1744
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4966962643635697144,11433298274898960233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  PID:2168
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,4966962643635697144,11433298274898960233,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:8
  PID:2584
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,4966962643635697144,11433298274898960233,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses
  PID:4476
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4966962643635697144,11433298274898960233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  PID:1372
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4966962643635697144,11433298274898960233,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  PID:3228
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4966962643635697144,11433298274898960233,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  PID:1896
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4966962643635697144,11433298274898960233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
  PID:3524
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4966962643635697144,11433298274898960233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1964 /prefetch:1
  PID:4532
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4966962643635697144,11433298274898960233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  PID:3716
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,4966962643635697144,11433298274898960233,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses
  PID:1196
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:1496
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:2516
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 4b4f91fa1b362ba5341ecb2836438dea
  SHA1: 9561f5aabed742404d455da735259a2c6781fa07
  SHA256: d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c
  SHA512: fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac
- Filesize: 152B
  MD5: eaa3db555ab5bc0cb364826204aad3f0
  SHA1: a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca
  SHA256: ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b
  SHA512: e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4
- Filesize: 502B
  MD5: 303988a0b22077f65d9af70674e64b9d
  SHA1: d4fa7d34a0fcdc365d9ecce8c7262f7a069a2083
  SHA256: 1602a07992e8042227a8d72c3a14704038da4a87b4ab3d2ec2aa25d1006cd1e4
  SHA512: 8092ef252489378ff0005ea2ee7897fd2af8936f96752f0153606bc7698effafa9b40c916c8669cb4120fc2767b9bf8fae0dd186579aa18567f735011c75881a
- Filesize: 6KB
  MD5: e043403e1b76d691b510d33007a7c360
  SHA1: daf3995db9fc0b85bb596916624d5204402318b6
  SHA256: 6023624389e96ade9f854d037cad361bda94b7894ac7b4c295dc86c28a399ea3
  SHA512: 54713bcb7c2582685bf573f58a444afb5cf114799687891baf95316fc6f252c7ca4f90cf0e890a082d4b0e797c8006ecb1a5db4ae1c102a6215fe5534cb183f9
- Filesize: 5KB
  MD5: 00f01d48e319b8b1bea60fd501ceda22
  SHA1: 8546840b3f378743b43cad0aba15ce5f57271cde
  SHA256: af1a1323345ebc87ea7ab429050358177b93a0246edde4c5398dcb78801b1e6c
  SHA512: 2b78cb81380ca08175ca4d3adf443d19bbae1491efcd13e6d68b2238332876a06eb627c7da86687a4246578843fcde80a7b062aecedb106af7452f93f2cda0ee
- Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
- Filesize: 16B
  MD5: 206702161f94c5cd39fadd03f4014d98
  SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
- Filesize: 11KB
  MD5: 0ff5280318f8a94b331795a7ad0604b3
  SHA1: 93ec65b896023205e22bbcf4257edf73b4b9eac3
  SHA256: 4a037ef2645d7a82fcc4d42e222b97dad36910a34d0e392f109630099beaff85
  SHA512: d1b46c784f618add26144b78665292d563e6dbb8290ff53ba6badaa108688276b7c35ea753a2651e041a26a43ad7e2dd2236f7f86f14581c694f21b3696942fa