Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 24/05/2024, 22:14
Static task: static1
Behavioral task behavioral1
  Sample: 6ff5e1a9788ea6d5990e3db26f324531_JaffaCakes118.html
  Resource: win7-20231129-en
Behavioral task behavioral2
  Sample: 6ff5e1a9788ea6d5990e3db26f324531_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
Target: 6ff5e1a9788ea6d5990e3db26f324531_JaffaCakes118.html
Size: 139KB
MD5: 6ff5e1a9788ea6d5990e3db26f324531
SHA1: 3436f9d4a635b703db106b2354e5a74391f93517
SHA256: d538127e9370f1ac4f3d613579381c7929e58259495ad85b63a4694189c47291
SHA512: 6adc466dcb7f922544f39256f74d101cbb6fe78ed4630762677dc8ed01ca09c02acaf36159180cdd3c24886219783faf576e7de009c1ea90cb058170a4756dba
SSDEEP: 1536:StVfwskdNqlvJb2yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJA:StmBT02yfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description: Key opened | ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | Process: msedge.exe
  description: Key value queried | ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | Process: msedge.exe
  description: Key value queried | ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | Process: msedge.exe
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid 4104 msedge.exe (2 entries)
  pid 116 msedge.exe (2 entries)
  pid 4612 msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid 116 msedge.exe (2 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid 116 msedge.exe (all 25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid 116 msedge.exe (all 24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  PID 116 (msedge.exe) wrote to memory of 1100 | procid_target 82 (2 entries)
  PID 116 (msedge.exe) wrote to memory of 4300 | procid_target 83 (repeated; the bulk of the table)
  PID 116 (msedge.exe) wrote to memory of 4104 | procid_target 84 (2 entries)
  PID 116 (msedge.exe) wrote to memory of 2364 | procid_target 85 (repeated)
Processes
- PID 116: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6ff5e1a9788ea6d5990e3db26f324531_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - PID 1100 (child of 116): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd7e2546f8,0x7ffd7e254708,0x7ffd7e254718
  - PID 4300 (child of 116): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,1496715533590415416,17459558262496486492,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  - PID 4104 (child of 116): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,1496715533590415416,17459558262496486492,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - PID 2364 (child of 116): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,1496715533590415416,17459558262496486492,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  - PID 4572 (child of 116): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1496715533590415416,17459558262496486492,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  - PID 4108 (child of 116): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1496715533590415416,17459558262496486492,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  - PID 4612 (child of 116): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,1496715533590415416,17459558262496486492,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3076 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
- PID 4768: C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID 4912: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: c9c4c494f8fba32d95ba2125f00586a3
  SHA1: 8a600205528aef7953144f1cf6f7a5115e3611de
  SHA256: a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b
  SHA512: 9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d
- Filesize: 152B
  MD5: 4dc6fc5e708279a3310fe55d9c44743d
  SHA1: a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2
  SHA256: a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8
  SHA512: 5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13
- Filesize: 6KB
  MD5: b419272bf7ecd3d99ca921d3e0cd7efc
  SHA1: 3d570868d8e4a13a54aa7a0d39389ffe628ce0c6
  SHA256: 4b02f6926287f3af90ef7c06892df4ae15c5e3e74f87252efb9defa5fb213c7b
  SHA512: 312344d8ab6b8c9c406d6fb4ed6c1f2f5fe36936969a9a48ce2142e81cbb6dda5da02817a27268132873376aef64ebeb45e702c6d58be6ef3b15dd6c17885e23
- Filesize: 5KB
  MD5: f8ca8aa0c44ba04284006011fa1b0442
  SHA1: 77ff49aa13c96ca43186bcd7d343177fc2eccf12
  SHA256: 08de91b31140d6c3655b74b7ce545bcc97bea6188edb4e26d80ddc47db470247
  SHA512: c78eaea5f0fdd8635c8e03f17c782a8f180da57fa799ec2e2d9b9168e5c34d30965c469f93f63f9e904f3daa3edde84a5d94fdef46501cb45b219ca4c81fc809
- Filesize: 11KB
  MD5: 4bac5258b18ea8d85e1c431e2f39b5b7
  SHA1: 4b5af070356554c49761bb0da48244f513c63844
  SHA256: 138cffebfbe2e7bc134d79deb2317f561b034c61d5fc16bebbe3ef73bb22a3d0
  SHA512: 484ffdb32fa287bca6466739d9ebcb889398a4e8ec931a6c534d092d6c31cde7b610007ad9ad198ed4691021f64cd40c9c196d05b33fdc44ecf874394584675b