Analysis
- max time kernel: 148s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25/05/2024, 03:31
Static task: static1
Behavioral task: behavioral1
- Sample: 70b899200755ce957463d02b4389db06_JaffaCakes118.html
- Resource: win7-20240215-en
Behavioral task: behavioral2
- Sample: 70b899200755ce957463d02b4389db06_JaffaCakes118.html
- Resource: win10v2004-20240426-en
General
- Target: 70b899200755ce957463d02b4389db06_JaffaCakes118.html
- Size: 35KB
- MD5: 70b899200755ce957463d02b4389db06
- SHA1: be448af4cf65af40a79ed0e90331382b8e2d0c35
- SHA256: d24532750b57c56dc6e5c8b98ab045b8f87110b1d31d67a300a104d9767c8eca
- SHA512: 9ec6eda7af2644e10d16a8c7a2cf37942e8333f96e7f0195065b498e9953a586ea88f533a08658bb5c682c263bd18d57a20e525a79e397cf7b1b273c7b139dcb
- SSDEEP: 384:S5rXzIuh3zNbwaKO3KF94/Kf/J583TqOth0v7yug:S9h3zNb1A/J583Tq0hZn
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description / ioc / Process:
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid / Process:
  - 3496 msedge.exe (2 entries)
  - 3052 msedge.exe (2 entries)
  - 4716 identity_helper.exe (2 entries)
  - 1160 msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid / Process:
  - 3052 msedge.exe (6 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid / Process:
  - 3052 msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid / Process:
  - 3052 msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs; repeated entries collapsed)
  description / pid / Process / procid_target:
  - PID 3052 wrote to memory of 1372: 3052 msedge.exe, target 83 (2 entries)
  - PID 3052 wrote to memory of 2296: 3052 msedge.exe, target 84 (repeated)
  - PID 3052 wrote to memory of 3496: 3052 msedge.exe, target 85 (2 entries)
  - PID 3052 wrote to memory of 3720: 3052 msedge.exe, target 86 (repeated)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3052)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\70b899200755ce957463d02b4389db06_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  Child processes:
  - msedge.exe (PID 1372)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff2ca46f8,0x7ffff2ca4708,0x7ffff2ca4718
  - msedge.exe (PID 2296)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,17757988184172645804,16714350196187169613,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
  - msedge.exe (PID 3496)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,17757988184172645804,16714350196187169613,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 3720)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,17757988184172645804,16714350196187169613,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  - msedge.exe (PID 724)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17757988184172645804,16714350196187169613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  - msedge.exe (PID 4028)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17757988184172645804,16714350196187169613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  - identity_helper.exe (PID 4188)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,17757988184172645804,16714350196187169613,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1892 /prefetch:8
  - identity_helper.exe (PID 4716)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,17757988184172645804,16714350196187169613,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1892 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 4448)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17757988184172645804,16714350196187169613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
  - msedge.exe (PID 3420)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17757988184172645804,16714350196187169613,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  - msedge.exe (PID 4900)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17757988184172645804,16714350196187169613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  - msedge.exe (PID 3016)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17757988184172645804,16714350196187169613,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
  - msedge.exe (PID 1160)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,17757988184172645804,16714350196187169613,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4772 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 2108)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 3204)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: c9c4c494f8fba32d95ba2125f00586a3
  SHA1: 8a600205528aef7953144f1cf6f7a5115e3611de
  SHA256: a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b
  SHA512: 9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d
- Filesize: 152B
  MD5: 4dc6fc5e708279a3310fe55d9c44743d
  SHA1: a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2
  SHA256: a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8
  SHA512: 5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13
- Filesize: 5KB
  MD5: 0a2261a993772f00e736413177046e11
  SHA1: 5ca99a058e225932d2467b2aa35905442f8d2ecf
  SHA256: a0989340814944e3c7e030bc9ff5c14681a0886654e48580a35442863a7eb94c
  SHA512: 4a694d56bdd350cc1b36d11f183719e59fa360d2dc7fa6207b38a3817ffa27ea6cb0adf1a746b9a858f561a99735313068057ecff940358d26ff423ca9edde41
- Filesize: 6KB
  MD5: dba004b1360f15c72a1a1e38b3ab582c
  SHA1: 73c58e540995d9eb65c0891bdbe61735790c5bf8
  SHA256: 6feb92ae56ecd188529f41839cf9460b24bf43390e8ae6582e071b4405a5f537
  SHA512: 49d14b9b129f04e461df4909a6dcdfcbb51ad9a146e5e619ab4ca863fb4067422c8d2d43763a893f380a2632892e915eb26c52833686db9dfc1edadb783c00bb
- Filesize: 6KB
  MD5: 8188714037abd1eb22a70ea0108f2f74
  SHA1: 40cb506fdde99aa79a848fc9b65352786948a819
  SHA256: 4e59351fb11ac2e0e702415aee310e9cd14883c5d4e99a11cef18ec16d28aa9c
  SHA512: 7a7f7fd2fba5060ad76f8d485448331c8048489b1464326a6b9bddaf541c868e9c40e10bcbcf94825532eae4261605219b8215690e1600ff95a08de6094aa89f
- Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
- Filesize: 16B
  MD5: 206702161f94c5cd39fadd03f4014d98
  SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
- Filesize: 11KB
  MD5: 7a11f84c4c6ebd01f213bcd98d98eeb5
  SHA1: 7cb888b51114166a5ecc2138b9d482a8f23cba9b
  SHA256: 0145fdab8269f490d2c8a05ab4ae69d227f8dbc154cbd144faac2fe405cb5b20
  SHA512: fe5131707e9603d60a3c551dc247619605137ed9faf4381e7de01fc8e32368de1a79e4d16750762d18f2b835e5ade234eff390ebd996ce513e928f1700d9572f