Analysis
- max time kernel: 145s
- max time network: 140s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 24/05/2024, 05:12
Static task: static1
Behavioral task: behavioral1
- Sample: 6d6fbef23a81ea6f17d8947703e4f4d4_JaffaCakes118.html
- Resource: win7-20240221-en
Behavioral task: behavioral2 (the run shown on this page: platform windows10-2004_x64, resource win10v2004-20240426-en)
- Sample: 6d6fbef23a81ea6f17d8947703e4f4d4_JaffaCakes118.html
- Resource: win10v2004-20240426-en
General
- Target: 6d6fbef23a81ea6f17d8947703e4f4d4_JaffaCakes118.html
- Size: 23KB
- MD5: 6d6fbef23a81ea6f17d8947703e4f4d4
- SHA1: 58e67ee35706b3dc1f8da768df35f6e13674342c
- SHA256: c1864372e038be51bc8d9a692a5bbe9671082335ed1f4170bb53c94ad5f7b0a0
- SHA512: b77b8999118db74991191c11408d54fa7421396dbfe6cd66beda22a946f24cb7a9651c4e4f52491bd417c82127735564f34e1ecba251dccfdea6374091e53f49
- SSDEEP: 192:uWH8b5nz+nQjxn5Q/anQiepNnynQOkEntWknQTbnxnQ/CnQttwMBJqnYnQ7tnkYs:KQ/CDV
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description       | ioc                                                                   | Process
  Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid  | Process             | entries
  2980 | msedge.exe          | 2
  3776 | msedge.exe          | 2
  3148 | identity_helper.exe | 2
  1204 | msedge.exe          | 4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid 3776, msedge.exe: 6 entries
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid 3776, msedge.exe: 25 entries
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid 3776, msedge.exe: 24 entries
- Suspicious use of WriteProcessMemory (64 IoCs)
  description                      | pid  | Process    | procid_target
  PID 3776 wrote to memory of 4044 | 3776 | msedge.exe | 85
  PID 3776 wrote to memory of 1236 | 3776 | msedge.exe | 88
  PID 3776 wrote to memory of 2980 | 3776 | msedge.exe | 89
  PID 3776 wrote to memory of 1992 | 3776 | msedge.exe | 90
  Entry counts: 2 writes to 4044, 2 writes to 2980; the remaining 60 entries are repeated writes to 1236 and 1992.
  Note: all four targets (4044 crashpad handler, 1236 GPU process, 2980 network service, 1992 storage service) are level-2 children of PID 3776 in the process tree below, so every flagged write is the browser process provisioning a child it has just spawned. No write into a process outside the Edge process tree is recorded, and every signature on this page is attributed to msedge.exe or identity_helper.exe.
Processes (level-2 entries are children of msedge.exe PID 3776; command lines are reproduced verbatim)

- PID 3776: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6d6fbef23a81ea6f17d8947703e4f4d4_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  - PID 4044: msedge.exe (crashpad-handler)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc5b1c46f8,0x7ffc5b1c4708,0x7ffc5b1c4718

  - PID 1236: msedge.exe (gpu-process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,3651985945466490337,9673948492605732754,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2

  - PID 2980: msedge.exe (utility, network.mojom.NetworkService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,3651985945466490337,9673948492605732754,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses

  - PID 1992: msedge.exe (utility, storage.mojom.StorageService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,3651985945466490337,9673948492605732754,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8

  - PID 3236: msedge.exe (renderer, client id 6)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3651985945466490337,9673948492605732754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1

  - PID 3244: msedge.exe (renderer, client id 5)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3651985945466490337,9673948492605732754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1

  - PID 1216: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (utility, winrt_app_id.mojom.WinrtAppIdService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,3651985945466490337,9673948492605732754,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5988 /prefetch:8

  - PID 3148: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (utility, winrt_app_id.mojom.WinrtAppIdService; same command line as PID 1216)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,3651985945466490337,9673948492605732754,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5988 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses

  - PID 1628: msedge.exe (renderer, client id 8)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3651985945466490337,9673948492605732754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1

  - PID 4560: msedge.exe (renderer, instant process, client id 9)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3651985945466490337,9673948492605732754,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1

  - PID 232: msedge.exe (renderer, client id 10)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3651985945466490337,9673948492605732754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

  - PID 4012: msedge.exe (renderer, instant process, client id 11)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3651985945466490337,9673948492605732754,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1

  - PID 1204: msedge.exe (gpu-process, relaunched with the GPU sandbox disabled and GL off)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,3651985945466490337,9673948492605732754,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4872 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses

- PID 4828: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

- PID 1184: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
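The WriteProcessMemory and sandbox-flag observations above are easy to over-read. The script below is an added example, not part of the tria.ge report or of Hatching's tooling; it shows the two checks a triager actually wants from this page: whether each flagged memory write targets a child the source process spawned itself (Chromium's normal process model) or a process outside that tree, and which children run with a relaxed sandbox. The IoC text and process list are constructed from the report's own entries (repeated PID pairs reduced to one or two lines, command lines trimmed to the flags that matter). The last IoC line, a write from PID 3776 into CompPkgSrv.exe (PID 4828), is hypothetical and exists only to show the check firing; the report records no such write.

```python
"""Triage helper for a tria.ge 'Suspicious use of WriteProcessMemory' signature.

Added example; the fixtures are constructed from the report, and the final IoC
line (3776 -> 4828) is hypothetical.
"""
import re
from collections import Counter
from typing import Iterable, Iterator, List, NamedTuple, Optional, Tuple


class Proc(NamedTuple):
    pid: int
    ppid: Optional[int]   # None for level-1 entries in the report's process tree
    image: str
    cmdline: str          # trimmed to the flags this script inspects


# Parent/child relations follow the indentation levels of the report's process tree.
PROCESSES: List[Proc] = [
    Proc(3776, None, "msedge.exe", "--single-argument C:\\Users\\Admin\\AppData\\Local\\Temp\\6d6fbef23a81ea6f17d8947703e4f4d4_JaffaCakes118.html"),
    Proc(4044, 3776, "msedge.exe", "--type=crashpad-handler"),
    Proc(1236, 3776, "msedge.exe", "--type=gpu-process"),
    Proc(2980, 3776, "msedge.exe", "--type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none"),
    Proc(1992, 3776, "msedge.exe", "--type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility"),
    Proc(3236, 3776, "msedge.exe", "--type=renderer --no-v8-untrusted-code-mitigations"),
    Proc(3148, 3776, "identity_helper.exe", "--type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none"),
    Proc(1204, 3776, "msedge.exe", "--type=gpu-process --disable-gpu-sandbox --use-gl=disabled"),
    Proc(4828, None, "CompPkgSrv.exe", "-Embedding"),
]

# Same column order as the report's flattened table (description, pid, Process,
# procid_target), so the parser also works on the one-line blob as extracted.
WRITE_IOCS = (
    "PID 3776 wrote to memory of 4044 3776 msedge.exe 85 PID 3776 wrote to memory of 4044 3776 msedge.exe 85 "
    "PID 3776 wrote to memory of 1236 3776 msedge.exe 88 PID 3776 wrote to memory of 2980 3776 msedge.exe 89 "
    "PID 3776 wrote to memory of 1992 3776 msedge.exe 90 "
    "PID 3776 wrote to memory of 4828 3776 msedge.exe 91"   # hypothetical: not in the report
)

BROWSER_IMAGES = {"msedge.exe", "identity_helper.exe"}
IOC_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")


def parse_write_iocs(text: str) -> Iterator[Tuple[int, int, str]]:
    """Yield (source_pid, target_pid, source_image) for every IoC in the blob."""
    for m in IOC_RE.finditer(text):
        yield int(m.group(1)), int(m.group(2)), m.group(4)


def classify_writes(iocs: Iterable[Tuple[int, int, str]], processes: Iterable[Proc]) -> Counter:
    """Count writes per (source, target, kind).

    A Chromium browser process writes into each child it has just spawned, so a
    write whose target is the source's own browser child is the normal process
    model ('own-child').  A target the source did not spawn, or a non-browser
    image, is 'foreign' and deserves a closer look.
    """
    by_pid = {p.pid: p for p in processes}
    counts: Counter = Counter()
    for src, dst, _image in iocs:
        target = by_pid.get(dst)
        if target is None:
            kind = "unknown-target"
        elif target.ppid == src and target.image in BROWSER_IMAGES:
            kind = "own-child"
        else:
            kind = "foreign"
        counts[(src, dst, kind)] += 1
    return counts


NOTABLE_FLAGS = ("--disable-gpu-sandbox", "--no-v8-untrusted-code-mitigations")


def sandbox_posture(proc: Proc) -> Tuple[str, List[str]]:
    """Return (process type, flags that relax or disable a sandbox for that process)."""
    m = re.search(r"--type=(\S+)", proc.cmdline)
    ptype = m.group(1) if m else "browser"
    notable = [f for f in NOTABLE_FLAGS if f in proc.cmdline]
    m = re.search(r"--service-sandbox-type=(\S+)", proc.cmdline)
    if m and m.group(1) == "none":
        notable.append("--service-sandbox-type=none")
    return ptype, notable


def triage(ioc_text: str, processes: List[Proc]) -> dict:
    """Summarise the write targets and the relaxed-sandbox children in one pass."""
    writes = classify_writes(parse_write_iocs(ioc_text), processes)
    foreign = sorted((s, d) for (s, d, kind) in writes if kind != "own-child")
    relaxed = {p.pid: sandbox_posture(p)[1] for p in processes if sandbox_posture(p)[1]}
    return {"writes": writes, "foreign": foreign, "relaxed_sandbox": relaxed}


if __name__ == "__main__":
    result = triage(WRITE_IOCS, PROCESSES)
    for (src, dst, kind), n in sorted(result["writes"].items()):
        print(f"{src} -> {dst}: {kind} x{n}")
    print("writes into non-child processes:", result["foreign"])
    for pid, flags in result["relaxed_sandbox"].items():
        print(f"PID {pid}: {' '.join(flags)}")
```

On the report's real entries every write is classified own-child and only the hypothetical line is reported as foreign. The relaxed-sandbox list (network service and identity_helper.exe with --service-sandbox-type=none, renderers with --no-v8-untrusted-code-mitigations, the second GPU process with --disable-gpu-sandbox) is the baseline a stock Edge 92 launch produces in this very report; treat it as the reference to compare other runs against, not as an indicator on its own.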
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 2daa93382bba07cbc40af372d30ec576
  SHA1: c5e709dc3e2e4df2ff841fbde3e30170e7428a94
  SHA256: 1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30
  SHA512: 65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b
- Filesize: 152B
  MD5: ecdc2754d7d2ae862272153aa9b9ca6e
  SHA1: c19bed1c6e1c998b9fa93298639ad7961339147d
  SHA256: a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7
  SHA512: cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2
- Filesize: 111B
  MD5: 807419ca9a4734feaf8d8563a003b048
  SHA1: a723c7d60a65886ffa068711f1e900ccc85922a6
  SHA256: aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
  SHA512: f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c
- Filesize: 111B
  MD5: 285252a2f6327d41eab203dc2f402c67
  SHA1: acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
  SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
  SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
- Filesize: 6KB
  MD5: 178b19f3f8704c241a4309635b2c7f72
  SHA1: e00cfc4d4679e88b36054f11601875c2483aa519
  SHA256: d9fa99c07a71fc2765cc8da5396c9cf23fc0aa1032a432d3885bf07a5243d748
  SHA512: 0b19452ddeb5eaca33a4dcbfba70075642ab09dcb81134b38d079d951af252f4f0145a605e12c620a81099a8e8308a53190c0b27d3be71d7bf27ad1209ab6bad
- Filesize: 6KB
  MD5: 066b758b5bad1c6a937029ab0dc424f6
  SHA1: 0e703bb3e993060e6e3ae1442a6dd5855b63317f
  SHA256: b794c0e4eb4ade0fc131f787c44b3ac67a2e5aca81c7d5034472cb34b9b91ffe
  SHA512: b6dacc356081b38768e9f839a313e931c112b168df44a6d99eea5a047c38f94b033629aaec3e224d5dc9cb360dc12d9160d33ea1dd96b82f9c64ecc568f567e6
- Filesize: 6KB
  MD5: 71c0f5ee8e9a28223c410807baa6c0f6
  SHA1: 30edfdfd6ff6de652c6d3af075adf807a4edaaaa
  SHA256: 9ba210d8b81d0fb3c9243246f71ee934a79d172f0460da1d5451a578c2e081cd
  SHA512: ed98c1842e9c05d65a6896b0c0e7426117fe868b3ce6e0c2adb4f4e165bd40dfbed26e152149cccd94a9b2489d8080717428d4e4cde8cbf688f591563d725a62
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: bf5227d42dded43f246cbce6c474c49d
  SHA1: 6ee1a32c9cc3fe1b3847a5cf31d2abc29898cd34
  SHA256: 082e0c33997e9e3fb86e54614a56e4c64c9be60fe7303a9d381415adbd902b77
  SHA512: b6d9a2da47c1b3adb180f216497f1f0ff2b84a92f59f52d00d52297272a862d2b8556b0046bfce1cb5a497e9be072cb594e46ec5669c39e7b3a91549914190f1