Analysis
- max time kernel: 149s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 24/05/2024, 19:34
Static task: static1
Behavioral task: behavioral1
- Sample: 6f9bc13084c822e8bb66a62cc2341fe5_JaffaCakes118.html
- Resource: win7-20240220-en
Behavioral task: behavioral2
- Sample: 6f9bc13084c822e8bb66a62cc2341fe5_JaffaCakes118.html
- Resource: win10v2004-20240508-en
General
- Target: 6f9bc13084c822e8bb66a62cc2341fe5_JaffaCakes118.html
- Size: 60KB
- MD5: 6f9bc13084c822e8bb66a62cc2341fe5
- SHA1: fdc6beba96a3d49d7a5ef4cd96614ccee010bd0f
- SHA256: ec9833297361b78f2af16d3c07b3a11ec7e91bc629b19753da3c32857707a9ac
- SHA512: 7471a31e5f968405c9be7c65365bf026cc482a73d8da7d2a02cf0dc423528462ccaae542a46b912a485217ddb74118926a973c8aaacff7d4c5cc06e20ab1d2e8
- SSDEEP: 1536:6ha8Jy2tj0eG/JMMerhmIvG4ZePfc5A+OjbxNGdHE9b:6Jy2d3MkbA+Ojbtb
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid   process     occurrences
  2464  msedge.exe  2
  2816  msedge.exe  2
  4104  msedge.exe  4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
  pid   process     occurrences
  2816  msedge.exe  4
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   process     occurrences
  2816  msedge.exe  25
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   process     occurrences
  2816  msedge.exe  24
- Suspicious use of WriteProcessMemory (64 IoCs, shown collapsed; every entry has writer PID 2816, msedge.exe)
  target pid  procid_target  occurrences
  3164        85             2
  1632        86             40
  2464        87             2
  1900        88             20

Reading these signatures: all of them fire on msedge.exe itself, and every WriteProcessMemory target (3164 crashpad handler, 1632 GPU process, 2464 network service, 1900 storage service) is a child that the browser process 2816 launched with a Chromium --type argument. The Chromium sandbox broker writes policy and IPC state into each child it creates before that child starts running, and NtCreateUserProcessBlockNonMicrosoftBinary is the browser applying the block-non-Microsoft-binaries code-integrity mitigation to those children, so both are expected in any Edge run. The BIOS manufacturer and product-name reads are likewise performed by msedge.exe, not by anything the page spawned. Nothing in this list is attributable to the HTML sample, and the Network and Malware Config sections of this report are empty, so the behavioral run by itself does not show malicious activity; the HTML content would need static inspection to say more.
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2816, depth 1: browser process)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6f9bc13084c822e8bb66a62cc2341fe5_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Children (depth 2):
  - msedge.exe (PID 3164, crashpad handler)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
  - msedge.exe (PID 1632, GPU process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,9825634279822819064,7871254033960282195,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  - msedge.exe (PID 2464, network service utility process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,9825634279822819064,7871254033960282195,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 1900, storage service utility process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,9825634279822819064,7871254033960282195,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  - msedge.exe (PID 4480, renderer, client id 6)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9825634279822819064,7871254033960282195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  - msedge.exe (PID 452, renderer, client id 5)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9825634279822819064,7871254033960282195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  - msedge.exe (PID 3252, renderer, client id 7)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9825634279822819064,7871254033960282195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1260 /prefetch:1
  - msedge.exe (PID 1216, renderer, client id 8)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9825634279822819064,7871254033960282195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  - msedge.exe (PID 4104, second GPU process, relaunched with --disable-gpu-sandbox --use-gl=disabled)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,9825634279822819064,7871254033960282195,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1840 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 3220, depth 1)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 4412, depth 1)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
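The WriteProcessMemory signature is only meaningful once each target is checked against the process tree. The Python below is an added example (not part of the tria.ge report and not tria.ge code): it parses IoC lines in the report's own "PID X wrote to memory of Y" layout against a process list reconstructed from the Processes section and classifies each write. A same-image child launched with a Chromium --type flag is treated as expected sandbox bootstrap; a write into a process the writer did not create, or into a different binary, is flagged for follow-up. The process command lines are abbreviated, and the last IoC line (2816 writing into CompPkgSrv.exe 3220) is a constructed negative case that does not appear in the report, included so the flagging path is exercised.

```python
import re
from collections import Counter

# Process list reconstructed from the report's Processes section. Constructed
# input for this example: command lines are abbreviated to the arguments the
# check needs. Tuples are (pid, parent pid, image path, command line).
EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
PROCESSES = [
    (2816, None, EDGE, f'"{EDGE}" --single-argument C:\\Users\\Admin\\AppData\\Local\\Temp\\6f9bc13084c822e8bb66a62cc2341fe5_JaffaCakes118.html'),
    (3164, 2816, EDGE, f'"{EDGE}" --type=crashpad-handler /prefetch:7'),
    (1632, 2816, EDGE, f'"{EDGE}" --type=gpu-process /prefetch:2'),
    (2464, 2816, EDGE, f'"{EDGE}" --type=utility --utility-sub-type=network.mojom.NetworkService /prefetch:3'),
    (1900, 2816, EDGE, f'"{EDGE}" --type=utility --utility-sub-type=storage.mojom.StorageService /prefetch:8'),
    (4480, 2816, EDGE, f'"{EDGE}" --type=renderer --renderer-client-id=6 /prefetch:1'),
    (3220, None, r"C:\Windows\System32\CompPkgSrv.exe", r"C:\Windows\System32\CompPkgSrv.exe -Embedding"),
]

# IoC lines in the page's layout:
#   PID <writer> wrote to memory of <target> <writer> <image> <procid_target>
# The first five lines are copied from the report (the report repeats each one
# many times; one duplicate is kept to show it collapses). The last line is a
# constructed negative case that is NOT in the report.
WPM_IOCS = """\
PID 2816 wrote to memory of 3164 2816 msedge.exe 85
PID 2816 wrote to memory of 3164 2816 msedge.exe 85
PID 2816 wrote to memory of 1632 2816 msedge.exe 86
PID 2816 wrote to memory of 2464 2816 msedge.exe 87
PID 2816 wrote to memory of 1900 2816 msedge.exe 88
PID 2816 wrote to memory of 3220 2816 msedge.exe 99
"""

IOC_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")


def parse_wpm(text):
    """Yield (writer_pid, target_pid) pairs from tria.ge-style IoC lines."""
    for line in text.splitlines():
        m = IOC_RE.match(line.strip())
        if m:
            yield int(m.group(1)), int(m.group(2))


def chromium_role(cmdline):
    """Chromium child type from --type=..., or 'browser' when the flag is absent."""
    m = re.search(r"--type=(\S+)", cmdline)
    return m.group(1) if m else "browser"


def classify_writes(processes, ioc_text):
    """Return {(writer, target): verdict}. Duplicate IoC lines collapse to one key."""
    by_pid = {p[0]: p for p in processes}
    verdicts = {}
    for writer, target in parse_wpm(ioc_text):
        key = (writer, target)
        if key in verdicts:
            continue
        src, dst = by_pid.get(writer), by_pid.get(target)
        if src is None or dst is None:
            verdicts[key] = "unknown-process"
        elif dst[1] != writer:
            # Writer is not the parent: a write into a process it did not create.
            verdicts[key] = "flag-not-a-child"
        elif dst[2] != src[2]:
            # Parent spawned a different binary and wrote into it (injection shape).
            verdicts[key] = "flag-foreign-image"
        elif chromium_role(dst[3]) == "browser":
            verdicts[key] = "flag-child-without-type"
        else:
            # Same image, own child, launched with --type=...: sandbox bootstrap.
            verdicts[key] = "expected-chromium-" + chromium_role(dst[3])
    return verdicts


def summarize(verdicts):
    """Count verdicts by family (expected / flag / unknown) for a quick accept-or-escalate decision."""
    return dict(Counter(v.split("-")[0] for v in verdicts.values()))


if __name__ == "__main__":
    results = classify_writes(PROCESSES, WPM_IOCS)
    for (w, t), v in sorted(results.items()):
        print(f"{w} -> {t}: {v}")
    print(summarize(results))
```

Against the report's own IoCs every write resolves to an expected Chromium child; only the constructed CompPkgSrv.exe line is flagged, because 3220 sits at depth 1 in the tree and was never created by 2816. The same parent-and-image test is what separates browser bootstrap noise from a dropper writing into a process it spawned.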
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: a8e767fd33edd97d306efb6905f93252
  SHA1: a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
  SHA256: c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
  SHA512: 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241
- Filesize: 152B
  MD5: 439b5e04ca18c7fb02cf406e6eb24167
  SHA1: e0c5bb6216903934726e3570b7d63295b9d28987
  SHA256: 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
  SHA512: d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\37b6b421-8653-45e7-9ee1-8b1a7d885b74.tmp
  Filesize: 6KB
  MD5: 249acf5f9fce32694df00f0b6a21c8cf
  SHA1: 5fcc9776fffe022c74d2ba050097f57e6bf885fb
  SHA256: 1fc3c0e7e5151fa04ad70218481dce9a75faa2753189d6d3b0e51a363d22d02c
  SHA512: 86d6deb73dbf5da2685ba195a275b8bd285fc82711cbab7251f6313664c3f4e11b1e0933422e4eaf4993a02e10e788a0582ca49034208e8b7442522ffff74160
- Filesize: 907B
  MD5: 20098be19c5744d40af14fd921c1ab55
  SHA1: 519c038aade1b722a91e8dfa7425708aa2ae83a8
  SHA256: 5520efa230676c7a8fe35751747912fa5cda57fbbefc26e2cdee0c1595b3dbde
  SHA512: 204b3becde86419e854e77cab97da8ef408d86ad93af270304701df96a949c06b06c720e0e21fddf236715cff17b210182111faec7e72e18c53cb4edd6eee486
- Filesize: 5KB
  MD5: 9a821dc0e26b3b4643646eb919d0e6e7
  SHA1: d6d4634cc2036d3fc3ddd27bda0686f030d4f20f
  SHA256: 117817ca34758725a234ffee5fcc9c03af998bde804f82f99e62f1fb75c96b9a
  SHA512: 5a6d2e1dd432e9fa8d8d19e1c7c69a2c339c2e2071ef4140074188b57645b53c4a8bc6887bd66da57555f46eba3e9a4e9dc6326ed6655c7c101b0be005382a32
- Filesize: 6KB
  MD5: 745c0ce9da1b553bd81b96ee02308ea1
  SHA1: 5165b737b90469d85f935404cf8bc403b177cc76
  SHA256: f20223b9e901048684d985657ae2f6b1cb6f5b2bf6a5f1f9940929454f48dfb1
  SHA512: b585626f1166d113aa7b565ab3fd443d249de463fe5bc89e5334503528397ba2fe56e908dbb10d352cc702528942524ee83f1e4687cf148e38adf75e4362f284
- Filesize: 11KB
  MD5: f3695900357cfe09d2b3cd193f7f2ae5
  SHA1: a30ccdd7cb9e7f01d126836c0f8842bd5dace33a
  SHA256: 17fd6e16fdc08073a0b68e0abc06573730f3576e86836a429847e7ac117df114
  SHA512: ccf9fd439091ef9c4a1247434e7d6e3f45b7737f76720f4ff4f50794051f5c13363875fc5fcf87bc3546a1c654e4c48b811b69f05caeb64d17140fda9775f64e