Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s
-
max time network
150s
-
platform
windows10-2004_x64
-
resource
win10v2004-20240508-en
-
resource tags
arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
-
submitted
23/05/2024, 23:13
Static task
static1
Behavioral task
behavioral1
Sample
6c96f44717d9fe953530cb866826e844_JaffaCakes118.html
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
6c96f44717d9fe953530cb866826e844_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
6c96f44717d9fe953530cb866826e844_JaffaCakes118.html
-
Size
50KB
-
MD5
6c96f44717d9fe953530cb866826e844
-
SHA1
2ce81d197c57384569f0838446bc451947571a44
-
SHA256
11afc0214f50e3cb61bba3a6bcd753ee63c903d9e80804e548e71bb69c28916f
-
SHA512
9d1cc69c86a848a39d02b8263c3981dfa161813e66caf410e5c34adf45a7be40001c7ac1035ba986428cf3fb52f755c16f3af0b25f07f8274ce6f6bc9093162d
-
SSDEEP
768:wVu0AiqYZT32qxeQtRgdyEEC9pULHKeMWITTdhSGdLLX:wVu0Ai7sdLEC9pULqeJmdLLX
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description        ioc                                                                    Process
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid   Process
1924  msedge.exe
1924  msedge.exe
4524  msedge.exe
4524  msedge.exe
2092  identity_helper.exe
2092  identity_helper.exe
2068  msedge.exe
2068  msedge.exe
2068  msedge.exe
2068  msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
pid   Process
4524  msedge.exe   (6 identical entries)
-
Suspicious use of FindShellTrayWindow 25 IoCs
pid   Process
4524  msedge.exe   (25 identical entries)
-
Suspicious use of SendNotifyMessage 24 IoCs
pid   Process
4524  msedge.exe   (24 identical entries)
-
Suspicious use of WriteProcessMemory 64 IoCs
description                       pid   Process     procid_target
PID 4524 wrote to memory of 1292  4524  msedge.exe  83   (repeated)
PID 4524 wrote to memory of 4324  4524  msedge.exe  84   (repeated)
PID 4524 wrote to memory of 1924  4524  msedge.exe  85   (repeated)
PID 4524 wrote to memory of 2384  4524  msedge.exe  86   (repeated)
(64 entries in total, listed in the order above)
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6c96f44717d9fe953530cb866826e844_JaffaCakes118.html
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4524
-
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa84ef46f8,0x7ffa84ef4708,0x7ffa84ef4718
    PID:1292
-
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,4047821672934243960,13985526746408054668,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
    PID:4324
-
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,4047821672934243960,13985526746408054668,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
    PID:1924
-
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,4047821672934243960,13985526746408054668,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
    PID:2384
-
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4047821672934243960,13985526746408054668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
    PID:3660
-
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4047821672934243960,13985526746408054668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
    PID:1688
-
    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,4047821672934243960,13985526746408054668,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
    PID:3500
-
    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,4047821672934243960,13985526746408054668,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
    PID:2092
-
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4047821672934243960,13985526746408054668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
    PID:4416
-
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4047821672934243960,13985526746408054668,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
    PID:2068
-
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4047821672934243960,13985526746408054668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
    PID:1856
-
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4047821672934243960,13985526746408054668,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
    PID:4392
-
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,4047821672934243960,13985526746408054668,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4784 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
    PID:2068
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:4004
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:3228
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
152B
MD5
ce4c898f8fc7601e2fbc252fdadb5115
SHA1
01bf06badc5da353e539c7c07527d30dccc55a91
SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c
-
Filesize
152B
MD5
4158365912175436289496136e7912c2
SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b
-
Filesize
258B
MD5
28ffecaa80f2c64fc023e9c14e6ee589
SHA1
5fc4dd23ae22b039ea0de3cba9473107c1f9f2dc
SHA256
abd584eb56a09032f60125817a1d6dc94170009c5528e7612467b19bf58c2837
SHA512
a3266c7c3045151fb387b637140b8f1cd217db4ff50fa5e6a453b60e75095b103f44eb575955bcbe7f158b15330a54f955ade546199be276c3b43921e936e4a5
-
Filesize
5KB
MD5
c6360c2e1a1352dc1706c8fdc640404e
SHA1
875c7ca80d0c6fa663788ae83a9ae65fd84d26c5
SHA256
7e2980addb79de43e110b9ba8f5f58011887adb5119b06cfac18ea30dcf92fcb
SHA512
91e8631b57a2f44a4dd7b145c46111f8cb2b44d851da9ab6008f7dde88a7b1dcc39784c27225a8ba726271334eb0b6eb32ad84857eb7fa68cb99654ea2dac8f3
-
Filesize
6KB
MD5
776afac7bc971c10162982c830340ff3
SHA1
8c0e6617b45741eb9f33843e008214402b1041bc
SHA256
52cd4d310983e8e1ab3d524dea0cfda1568cbdc9a474457c2fe25284fe866209
SHA512
5d098967bc8864e31d6b631a55680e685e2dbd593ae8da4e251dbb9117ce56a630da6e7a1cad6c8c5764de67818a8c6be620942b965bc75b84881047350e1e0b
-
Filesize
6KB
MD5
06cd37170d4ca49861c0cab9c4d446df
SHA1
f9f6f0c092c52a1cb9581ff7a663d1b1d3914115
SHA256
21a4e4495aec4068f20bfeaaa11089f147be45da1cf44d5de021cb129c5cedb4
SHA512
3e5675a7ee643bd4cc5eed4f32afeadfc96f8d233140220bdfdf27e9274f4b1cc26d07723f83aaa630d80d0374ed01505abf01a3053fc79145d9f0ad445727fb
-
Filesize
372B
MD5
ecf7a038e92fe56460fb83f40d637355
SHA1
610509481aa8e69de7f154414aae1c2522d1740e
SHA256
c49f7cfca2b306a0ad03922f5d085bbb030dfcf757317f784b17262375b1868d
SHA512
3525a4d2ffc4991f7be6e6a02ea9d089e27a1746232f963048277da63c0b043ded0c0d05298d41ecf7b9105a8d7b026b7908607ae86b8b84ad064f6badcc1987
-
Filesize
372B
MD5
e5424c43222aac35afe7c1da6e2d389b
SHA1
6f431870b7bc6c3683027f93d0147cb8443d778d
SHA256
0d0de37a0b7b8afeb03c4539d64a1c16a0f444c5df55777244f93274ca597b53
SHA512
8343eb85587bdd81026f7550c87c322b280d773e68a1f3d5357c9e9fce28d7a7ac09ff41f08b81de8ff5edfe43b2d5b7b27980d61a912adf4c3a951f5d318440
-
Filesize
16B
MD5
46295cac801e5d4857d09837238a6394
SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5
206702161f94c5cd39fadd03f4014d98
SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
11KB
MD5
e7dda18678826e08cb3804143a1d4d93
SHA1
35f021759d6cf266a7ee008360d14908bdfc9780
SHA256
a1532b88669019a107c9d04598285e74dfe4c13d9bab02e99d9150ee5d2b766f
SHA512
a739dedae96192d1987898b6899a3781dfc73ce47d7fcd06d224ff7261030bcdc112e411cfb4d2f25ca6d75253ce57963f1e904dc15d0e754414591d49af127f