Analysis
- max time kernel: 146s
- max time network: 143s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 24/05/2024, 11:54
Static task
- static1
Behavioral task
- behavioral1
  Sample: 6e6c4d495f71ec920255137212a9f805_JaffaCakes118.html
  Resource: win7-20240419-en
Behavioral task
- behavioral2
  Sample: 6e6c4d495f71ec920255137212a9f805_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
- Target: 6e6c4d495f71ec920255137212a9f805_JaffaCakes118.html
- Size: 4KB
- MD5: 6e6c4d495f71ec920255137212a9f805
- SHA1: 1079b1b6d2f69dc17073becfa1736365998be7ce
- SHA256: 70698330c74592ba6f4c29d228915980ecd1413c13ff8d8c438f5df0def4bea2
- SHA512: 89013ac77d3f109e68f44219e2506469c93d72468623d1c8c78211397ef75e3b3a810bc8f7d41925cde638e49fe271bb9e7279228efc4aab2c7b2b9ba479cb9b
- SSDEEP: 96:Pk7yJozTGknaEFHVKDZTBJl7sNjtXATIQFMA5e3fhrvDJUgwa71D5iJ8oaz+wd:Pk7yY1aEFHVKtF37sNjtXATIQFM93pDd
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  1528 | msedge.exe (2 entries)
  4100 | msedge.exe (2 entries)
  4448 | identity_helper.exe (2 entries)
  2992 | msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid | Process
  4100 | msedge.exe (6 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  4100 | msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  4100 | msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 4100 wrote to memory of 4872 | 4100 | msedge.exe | 83 (2 entries)
  PID 4100 wrote to memory of 1440 | 4100 | msedge.exe | 84 (repeated entries)
  PID 4100 wrote to memory of 1528 | 4100 | msedge.exe | 85 (2 entries)
  PID 4100 wrote to memory of 1876 | 4100 | msedge.exe | 86 (repeated entries)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4100)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6e6c4d495f71ec920255137212a9f805_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4872)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff99cdf46f8,0x7ff99cdf4708,0x7ff99cdf4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1440)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,1923715010433040788,13753107895593788315,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1528)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,1923715010433040788,13753107895593788315,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1876)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,1923715010433040788,13753107895593788315,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2304)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,1923715010433040788,13753107895593788315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4636)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,1923715010433040788,13753107895593788315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3832)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,1923715010433040788,13753107895593788315,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4448)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,1923715010433040788,13753107895593788315,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3096)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,1923715010433040788,13753107895593788315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3692)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,1923715010433040788,13753107895593788315,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2976)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,1923715010433040788,13753107895593788315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4924)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,1923715010433040788,13753107895593788315,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2992)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,1923715010433040788,13753107895593788315,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3972 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 4660)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 2576)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 1ac52e2503cc26baee4322f02f5b8d9c
  SHA1: 38e0cee911f5f2a24888a64780ffdf6fa72207c8
  SHA256: f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4
  SHA512: 7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834
- Filesize: 152B
  MD5: b2a1398f937474c51a48b347387ee36a
  SHA1: 922a8567f09e68a04233e84e5919043034635949
  SHA256: 2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6
  SHA512: 4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c
- Filesize: 111B
  MD5: 807419ca9a4734feaf8d8563a003b048
  SHA1: a723c7d60a65886ffa068711f1e900ccc85922a6
  SHA256: aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
  SHA512: f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c
- Filesize: 292B
  MD5: 95a2f9fec2bc05f7659a972a7a87e403
  SHA1: 0aba68867f49a7ece84e6ed831c3e96faa92fbd0
  SHA256: 1571a1a02370251047297ab55d1e75b499ebf0af4c4ca284c6cfc0c2350fbff7
  SHA512: cb9178f7f12cc7a45a8e73ad21c0e6be081bd2f6ff3d697ca441b8725b18b1998f94550e60f3d558613e8ea4b0f7e9db3cc185e812f0b74afbba619512e78df3
- Filesize: 6KB
  MD5: 92a22659143b822ec54d969a59acd703
  SHA1: 756df1aea1dca53cf5d750664ffb42a11323043b
  SHA256: 4240776eaf375d8d26f237dfed29871bad709bcd01839f6c130d3f3f1a25e82a
  SHA512: 4487ec3e021a1f26ea852627447a47c27dfbb8134cef7226f9b344ffe9b9e154dcb5f455b58aa9a1a51d2ca7ca817439e0dd137973588b31e1be1b14057f78ae
- Filesize: 5KB
  MD5: 7f0f2589cb2f7e360f9e60391832c410
  SHA1: cca600208bc7b99b51d25376842fff730ccb017e
  SHA256: c7d6af2e29f00c62974eebde5bbb9758a2e1a6fdf3347737a0de3a67ca38f126
  SHA512: b6f605075bcf5df0373a16a4477fd57b123d9fbd8575f5d5974d28b348711e30d1ae395c6f0285a6925a6636a24e6612aa8ac08dfe1e939d3c451bd7c5fab1a1
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: 6295c12aed3ccd5fbe7d1b8ba5b5ad54
  SHA1: b973ace10b82f46c33b1339e86f946c08e9c8e28
  SHA256: e08caa099bce27d637efe328f6c2832ab533da1d93f757b586ddc7a8f06b03e9
  SHA512: ab4629a17380158b963ed81e59cf6d12c992bd4ebb7198b53890c068968da4934e420a68ed4e437c217827dd18f70b118ce84f18855870ca39b08c35c63ec8d0