Analysis
- max time kernel: 149s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 24/05/2024, 17:56
Static task: static1
Behavioral task: behavioral1
- Sample: 6f5bea45989b31ada8d4c0361f4ac55c_JaffaCakes118.html
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 6f5bea45989b31ada8d4c0361f4ac55c_JaffaCakes118.html
- Resource: win10v2004-20240426-en
General
- Target: 6f5bea45989b31ada8d4c0361f4ac55c_JaffaCakes118.html
- Size: 81KB
- MD5: 6f5bea45989b31ada8d4c0361f4ac55c
- SHA1: 5ca44cd5fd9a510bd8f83d1a105f82758dcb105c
- SHA256: 93d1c8435596bcf36163fcf407e9f8b450c9de29280c5eab1ed0946e78ba344d
- SHA512: 1ff70ece993ccc2467234f30adc608fd6c1dc9b91ec8e3a3746aadd2c41bf4e3346405b1ee9af93c4e4f61aebb48e38c773dfa02ae683e8df11a8c242af3d4ee
- SSDEEP: 1536:XoNVoqp2YWMOI+gBoQCJSTzNfcG5bm4P03f8TcfYMiWvwEJ65GCinpdoO/EzkWz+:XoNVoqpjWMOI+i9TzNfc483fXYMiWvw8
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                   Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  3688  msedge.exe (2 entries)
  2928  msedge.exe (2 entries)
  3664  identity_helper.exe (2 entries)
  3768  msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process
  2928  msedge.exe (6 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  2928  msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  2928  msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target
  PID 2928 wrote to memory of 1176  2928  msedge.exe  82  (2 entries)
  PID 2928 wrote to memory of 2636  2928  msedge.exe  83  (40 entries)
  PID 2928 wrote to memory of 3688  2928  msedge.exe  84  (2 entries)
  PID 2928 wrote to memory of 2424  2928  msedge.exe  85  (20 entries)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6f5bea45989b31ada8d4c0361f4ac55c_JaffaCakes118.html
  PID: 2928
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc8b8946f8,0x7ffc8b894708,0x7ffc8b894718
    PID: 1176
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,9143621171690994212,1436991188375424345,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
    PID: 2636
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,9143621171690994212,1436991188375424345,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 /prefetch:3
    PID: 3688
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,9143621171690994212,1436991188375424345,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
    PID: 2424
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9143621171690994212,1436991188375424345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
    PID: 3196
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9143621171690994212,1436991188375424345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
    PID: 4292
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,9143621171690994212,1436991188375424345,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8
    PID: 4696
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,9143621171690994212,1436991188375424345,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8
    PID: 3664
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9143621171690994212,1436991188375424345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:1
    PID: 4936
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9143621171690994212,1436991188375424345,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
    PID: 2736
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9143621171690994212,1436991188375424345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
    PID: 4676
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9143621171690994212,1436991188375424345,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
    PID: 3532
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,9143621171690994212,1436991188375424345,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5600 /prefetch:2
    PID: 3768
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2084
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4936
Network
MITRE ATT&CK Enterprise v15
Downloads