Analysis
- max time kernel: 146s
- max time network: 130s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 22/05/2024, 20:13
Static task: static1
Behavioral task: behavioral1
- Sample: 6879eda0ac1d997bb78a5d6fe0eee902_JaffaCakes118.html
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 6879eda0ac1d997bb78a5d6fe0eee902_JaffaCakes118.html
- Resource: win10v2004-20240508-en
The signatures, process tree and dropped files below are from behavioral2 (the win10v2004-20240508-en run, matching the platform and resource in the Analysis block).
General
- Target: 6879eda0ac1d997bb78a5d6fe0eee902_JaffaCakes118.html
- Size: 162KB
- MD5: 6879eda0ac1d997bb78a5d6fe0eee902
- SHA1: d96636fa7e69e855136a97f6470faba28d0192e9
- SHA256: d4717f907b6f55f06d6a25392616e11e5f0e99a32bb96499dc2d847294482719
- SHA512: bd3a45bef3e6bb48cd39edeb2253841973c77c144957106d7b6ae3a9be3cb4fdd14748b40e9dac724b22d7d88fb7156558df3eda3b1c44b6fd8e7e631f842570
- SSDEEP: 3072:T0uChAakfXajm5QGvcS+ApxWIdxRS0w2KQa467s/kEDWxweoiHbVmshLBwKOciou:40f5zSu
Malware Config: no entries
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
  All three reads are by msedge.exe itself. SystemManufacturer and SystemProductName are the values most often checked for VM/sandbox detection, but browsers also read them for hardware metrics, so this hit on its own does not implicate the HTML sample.
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid / Process: 2824 msedge.exe (2 rows), 4496 msedge.exe (2 rows), 2208 identity_helper.exe (2 rows), 3472 msedge.exe (4 rows)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid / Process: 4496 msedge.exe (all 6 rows). The browser process created children with the block-non-Microsoft-binaries mitigation policy, consistent with how Chromium launches its sandboxed child processes.
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid / Process: 4496 msedge.exe (all 25 rows)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid / Process: 4496 msedge.exe (all 24 rows)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Every row has the form "PID 4496 wrote to memory of <target> 4496 msedge.exe <procid_target>"; the writer is always the browser process 4496. Distinct targets:
  2388 (procid_target 84, crashpad-handler): 2 rows
  2824 (procid_target 86, NetworkService utility): 2 rows
  1236 (procid_target 85, gpu-process) and 3228 (procid_target 87, StorageService utility): the remaining 60 rows, most of them into 1236
  All four targets are Edge's own child processes (see the process tree below), so these writes are the browser process initialising children it has just launched, not injection into a foreign process.
Processes
- PID 4496 (top level): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6879eda0ac1d997bb78a5d6fe0eee902_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - PID 2388: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef94246f8,0x7ffef9424708,0x7ffef9424718
  - PID 1236: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2268,6716937086937408058,5660049917488411067,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2276 /prefetch:2
  - PID 2824: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2268,6716937086937408058,5660049917488411067,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1844 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 3228: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2268,6716937086937408058,5660049917488411067,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
  - PID 1376: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,6716937086937408058,5660049917488411067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  - PID 4704: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,6716937086937408058,5660049917488411067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  - PID 3760: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2268,6716937086937408058,5660049917488411067,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6104 /prefetch:8
  - PID 2208: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2268,6716937086937408058,5660049917488411067,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6104 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 1832: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,6716937086937408058,5660049917488411067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  - PID 3576: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,6716937086937408058,5660049917488411067,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  - PID 880: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,6716937086937408058,5660049917488411067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  - PID 2232: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,6716937086937408058,5660049917488411067,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  - PID 3472: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2268,6716937086937408058,5660049917488411067,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1412 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- PID 3232 (top level): C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID 1304 (top level): C:\Windows\System32\CompPkgSrv.exe -Embedding
Every child of 4496 is an Edge/Chromium helper carrying a --type= role (crashpad-handler, gpu-process, utility, renderer); no process outside the browser's own images is spawned by it. The two CompPkgSrv.exe instances are COM-activated (-Embedding) top-level processes, not children of the browser. Points worth noting when reading the flags: the NetworkService (2824) and both identity_helper.exe instances run with --service-sandbox-type=none, the second GPU process (3472) runs with --disable-gpu-sandbox --use-gl=disabled, and every renderer was started with --no-v8-untrusted-code-mitigations.
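As an added example (not part of the tria.ge report, and not tria.ge's own tooling), the following Python triage helper parses rows in the shape of the report's Processes and "Suspicious use of WriteProcessMemory" sections and checks whether each cross-process write is the Edge browser process initialising one of its own --type= children (how Chromium sets up the children it launches) or a write into a process outside the browser tree that deserves a closer look. The input is constructed: a simplified "pid command-line" form built from the PIDs and command lines above, and WriteProcessMemory rows with small made-up counts. The final row, 4496 writing into 3232 (CompPkgSrv.exe), is hypothetical and does not appear in the report; it is there only to show how an unexpected target is flagged.

```python
import re
from collections import Counter

# Constructed input (simplified "<pid> <command line>" rows built from the PIDs and
# command lines in the report above; not copied verbatim from the report page).
PROCESSES = r"""
4496 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6879eda0ac1d997bb78a5d6fe0eee902_JaffaCakes118.html
2388 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler --annotation=ver=92.0.902.67
1236 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --mojo-platform-channel-handle=2276
2824 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none
3228 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility
2208 "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none
3232 C:\Windows\System32\CompPkgSrv.exe -Embedding
"""

# Constructed rows in the report's "wrote to memory of" shape. The four
# (writer, target) pairs the report lists are here with small made-up counts;
# the last row, 4496 -> 3232 (CompPkgSrv.exe), is hypothetical and NOT in the report.
WRITES = """
PID 4496 wrote to memory of 2388 4496 msedge.exe 84
PID 4496 wrote to memory of 2388 4496 msedge.exe 84
PID 4496 wrote to memory of 1236 4496 msedge.exe 85
PID 4496 wrote to memory of 1236 4496 msedge.exe 85
PID 4496 wrote to memory of 1236 4496 msedge.exe 85
PID 4496 wrote to memory of 2824 4496 msedge.exe 86
PID 4496 wrote to memory of 3228 4496 msedge.exe 87
PID 4496 wrote to memory of 3232 4496 msedge.exe 88
"""

WRITE_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")
EDGE_IMAGES = {"msedge.exe", "identity_helper.exe"}


def parse_processes(text):
    """Map pid -> {image, type, sandbox} from '<pid> <command line>' rows."""
    procs = {}
    for line in text.strip().splitlines():
        pid, _, cmdline = line.strip().partition(" ")
        if cmdline.startswith('"'):            # quoted image path (may contain spaces)
            image, _, args = cmdline[1:].partition('"')
        else:
            image, _, args = cmdline.partition(" ")
        ptype = re.search(r"--type=(\S+)", args)
        sandbox = re.search(r"--service-sandbox-type=(\S+)", args)
        procs[int(pid)] = {
            "image": image.rsplit("\\", 1)[-1].lower(),
            "type": ptype.group(1) if ptype else None,      # None: the browser (parent) process
            "sandbox": sandbox.group(1) if sandbox else None,
        }
    return procs


def parse_writes(text):
    """Count (writer_pid, target_pid) pairs. finditer also copes with rows run
    together on a single line, as in a flattened copy of the report."""
    counts = Counter()
    for m in WRITE_RE.finditer(text):
        counts[(int(m.group(1)), int(m.group(2)))] += 1
    return counts


def classify(procs, writes):
    """Label each writer->target pair.

    'expected': the msedge.exe browser process (no --type=) writing into an
    msedge.exe / identity_helper.exe child that carries --type=, which is how
    Chromium's browser process sets up the children it launches.
    'review'  : anything else, e.g. a write into a process outside the tree.
    """
    rows = []
    for (src, dst), n in sorted(writes.items()):
        s, d = procs.get(src), procs.get(dst)
        parent_ok = s is not None and s["image"] == "msedge.exe" and s["type"] is None
        child_ok = d is not None and d["image"] in EDGE_IMAGES and d["type"] is not None
        rows.append({
            "src": src, "dst": dst, "writes": n,
            "dst_image": d["image"] if d else "unknown",
            "dst_type": d["type"] if d else "unknown",
            "dst_sandbox": d["sandbox"] if d else "unknown",
            "verdict": "expected" if parent_ok and child_ok else "review",
        })
    return rows


def needs_review(rows):
    """Target PIDs whose writes the browser process model does not explain."""
    return [r["dst"] for r in rows if r["verdict"] == "review"]


if __name__ == "__main__":
    procs = parse_processes(PROCESSES)
    rows = classify(procs, parse_writes(WRITES))
    for r in rows:
        print(f'{r["src"]} -> {r["dst"]:<5} x{r["writes"]:<3} {r["dst_image"]:<20} '
              f'type={r["dst_type"]} sandbox={r["dst_sandbox"]} : {r["verdict"]}')
    print("review:", needs_review(rows))
```

Run as a script it prints one line per (writer, target) pair and the list of targets to review; on the constructed input only the hypothetical 3232 row is flagged, while the four pairs the report actually lists are classed as expected child initialisation. The same functions accept the report's flattened text directly, because parse_writes scans with finditer rather than splitting on newlines.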
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: f61fa5143fe872d1d8f1e9f8dc6544f9
  SHA1: df44bab94d7388fb38c63085ec4db80cfc5eb009
  SHA256: 284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64
  SHA512: 971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6
- Filesize: 152B
  MD5: 87f7abeb82600e1e640b843ad50fe0a1
  SHA1: 045bbada3f23fc59941bf7d0210fb160cb78ae87
  SHA256: b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262
  SHA512: ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618
- Filesize: 182B
  MD5: 5fba847350341dc385c90bbd14b812f4
  SHA1: 986d1713b103f3d565ccb88077a8598c8393a24e
  SHA256: ecb5860418331ce7b5253419ebab9fb495ab9dba26b7d0751699949555074372
  SHA512: 227478553cd394c0ae057d78160c461119d7418765a14ab55ac18daec588ef8883c09c931adc149f380fead0a6e0e92cb0d6d8c29c27cacd63143b615b23e830
- Filesize: 5KB
  MD5: 2e2feaccf8f4c0aa1432b9735aa4cca8
  SHA1: e355137763885e1459701a19a9ed31b2c0f909dc
  SHA256: 003fd9f2439e73f1290bce8b2ccc347620df804712ac16d08668257a6f5a4d67
  SHA512: 30acad01f91dba2780dfc86087d415af7c1650d9e8ceb0570b519737a6e6c0527e6e05fa3c889b9c2b824f669ad100cfc67b655dc4d1f59ae1ff820cb89f1b7d
- Filesize: 6KB
  MD5: bf7cf1f8b69932a421ff0a38e40ac9ea
  SHA1: f39f352eda3ed9e41ce7ae9ff3ef992543f67209
  SHA256: fd7df7d4d05f3ffaafc0902a08a92119d15535910e684233be841caa5dff1de7
  SHA512: 1ec7027fce6466bc000bc23828be7268a9fc96994d76f1220d9394f69eb0c1c4c969c52560e177c79dc9fea8d5aa18812ce0fc8080b65b216684e3c98042095e
- Filesize: 6KB
  MD5: 7d895e076554668973394023293828bd
  SHA1: 4a64b6a6ca601bd28cfdae29872c5aac94f72df4
  SHA256: d60fc90044da9f25b7999f9fa8d652d98fa13ba86a94299bc0b2c7f9c0cc02ad
  SHA512: 7c6a126a392eb76b7df5a853bf2a6ac6c35f2ec5005756002f7022f1642a4964fbbe82e519cbcee08bd59a5dd71868e32791edc50febc0f6c94beb521cb1f4d5
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: dbba446f74148ebefcf36e4c2b5e951a
  SHA1: abd52c5b7f15231c5872b0d91294fc6197355191
  SHA256: d583ed2da931562edc2ea3a55cc6875c74c7cbf57b317511608d2faaf0416514
  SHA512: 67765298542a5eb76ab6a40feafa3c657a69e45c1daa01e7fcaf7f88b3f38aa870a5f54b630fa74cd98ea73e978c2fa2f1b0b0dc7c1892fc3d20a73806ee1cdb