Analysis
Max time kernel: 149s
Max time network: 154s
Platform: windows10-2004_x64
Resource: win10v2004-20240508-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 24/05/2024, 19:33
Static task: static1

Behavioral task: behavioral1
  Sample: 6f9b29fe005b6354ad5b5dc95bfde70d_JaffaCakes118.html
  Resource: win7-20240220-en

Behavioral task: behavioral2
  Sample: 6f9b29fe005b6354ad5b5dc95bfde70d_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 6f9b29fe005b6354ad5b5dc95bfde70d_JaffaCakes118.html
Size: 24KB
MD5: 6f9b29fe005b6354ad5b5dc95bfde70d
SHA1: e7e175274bf653b8a11490196da71ffea53c4443
SHA256: 8ed9ebcdd1f4a5fee7913bd1f6fcc8dc33572b5ce9ab2d0e0a9309e2db048525
SHA512: 496417da225bccc8400f6323ccf1bac32b7941fea22c28968bcd6aae60d18347881568bfbedc20cf997aaee129954e839dcc505dc8d9368f06f7f0b23cedc5e4
SSDEEP: 384:KCKln/vna6nIgyzV6A8qnlKelqLevxZJ5WBMFJ2vLzRQuO8g0CEaUV+OV3ObMUmg:wLnJyzV6AaVLSt5+W8gs1sTFm67g7BMR
Malware Config
Signatures

- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Description        IoC                                                                  Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                   msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  PID   Process              Entries
  3660  msedge.exe           2
  1164  msedge.exe           2
  2820  identity_helper.exe  2
  4212  msedge.exe           4

- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  PID   Process     Entries
  3660  msedge.exe  6

- Suspicious use of FindShellTrayWindow (25 IoCs)
  PID   Process     Entries
  3660  msedge.exe  25

- Suspicious use of SendNotifyMessage (24 IoCs)
  PID   Process     Entries
  3660  msedge.exe  24

- Suspicious use of WriteProcessMemory (64 IoCs)
  Description                  PID   Process     procid_target
  PID 3660 wrote to memory of  312   msedge.exe  83
  PID 3660 wrote to memory of  2696  msedge.exe  84
  PID 3660 wrote to memory of  1164  msedge.exe  85
  PID 3660 wrote to memory of  3844  msedge.exe  86
  (Each row is logged repeatedly, once per write; 64 entries in total.)
Processes

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3660)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6f9b29fe005b6354ad5b5dc95bfde70d_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 312)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff485c46f8,0x7fff485c4708,0x7fff485c4718

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2696)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,2799356853020490200,13417076151891125541,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1164)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,2799356853020490200,13417076151891125541,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3844)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,2799356853020490200,13417076151891125541,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2448 /prefetch:8

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1968)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,2799356853020490200,13417076151891125541,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1308)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,2799356853020490200,13417076151891125541,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1488)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,2799356853020490200,13417076151891125541,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8

  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2820)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,2799356853020490200,13417076151891125541,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1640)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,2799356853020490200,13417076151891125541,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3624)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,2799356853020490200,13417076151891125541,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 436)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,2799356853020490200,13417076151891125541,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2984)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,2799356853020490200,13417076151891125541,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4212)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,2799356853020490200,13417076151891125541,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5444 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

- C:\Windows\System32\CompPkgSrv.exe (PID 5052)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

- C:\Windows\System32\CompPkgSrv.exe (PID 3284)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 152B
  MD5: f61fa5143fe872d1d8f1e9f8dc6544f9
  SHA1: df44bab94d7388fb38c63085ec4db80cfc5eb009
  SHA256: 284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64
  SHA512: 971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

- Filesize: 152B
  MD5: 87f7abeb82600e1e640b843ad50fe0a1
  SHA1: 045bbada3f23fc59941bf7d0210fb160cb78ae87
  SHA256: b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262
  SHA512: ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

- Filesize: 185B
  MD5: efa3b79297b792ddfa72609e2389407a
  SHA1: 7c959b0d9c508607119d7c112fe81939169c8ccb
  SHA256: 04371cb7276a5868761433e311d805f97da580075fc9bf1a66f0a9d8ac9a4017
  SHA512: 1f08b7ea9823ae979382586db83b05c0d0dc5cb565b3946fb8134c0dfaaf61fdf80d6c666ceca6522964ac446d2a2e798e1f0eaff3dd2ab5cae88a793db20eaf

- Filesize: 5KB
  MD5: 0596c595d9aa8be5c7b6c8d27e930249
  SHA1: 652b080e9f9bf1f02804c25ca5e25f1574b0f214
  SHA256: 97a2f446dd11388b67d38eed864d3456030fc4152beae479fa836f97035d2b89
  SHA512: 574af3140c362f684bea2dabb8777506f3fbab298b5d262d69aea8e37a86292a804665cd9e9793c3b051abef0692f9432804ca1346dd007fd37ad77264b8c920

- Filesize: 6KB
  MD5: f8a2c9d876e01b83bd9fa47461abcc48
  SHA1: 3c7fcb8e699247d4856fde189c9deabf7f60319f
  SHA256: 70c15c3d4aabed61daa7f51df435a6057ca088aef73b736bd6fe2b3124d2bba8
  SHA512: 85cf275d6654166e66bca368334cc2f3c2e6824c5378fca599d0dde503d8b1341f4875752ca8ea279990109095a43c61c61595add6890258d7018dd18b145855

- Filesize: 6KB
  MD5: e48d9d2d736e25688d58791e1a41b853
  SHA1: 7f8029cd31173ec389722a039b130daeae228c16
  SHA256: 335523c8847b59237fce89379466fbedf6180dfb22b9cbafdfc6340b7dcb7b80
  SHA512: 82d25d0911dc90613581c631898b425b5dbc862cb110d7fe2cc3db2d7cc0738c486a1ce641c84307d3342be8533c714cfdc26a85e99c9c97b6c07003c6b72242

- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

- Filesize: 11KB
  MD5: 25e01dd7e0626160db7c8d913327b0f8
  SHA1: 8778c1376fa378f719342d294469bfb74e897ca9
  SHA256: a13a80a57b475191a1fe4dfe4cabfa58bf04a353ebb4dc49145b28d03940049d
  SHA512: 0e36f50e44e60c415d6013df97b1d2ac4936d51d08fe2209adfe23b412092160d618aab382d22d643488bc43db0db416096213b328dce50bae44f89cb6d82b66