Analysis
- max time kernel: 145s
- max time network: 128s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25/05/2024, 17:03
Static task: static1
Behavioral task: behavioral1
- Sample: 72a60c0b666c7a0b3bec1eb5d35cd88a_JaffaCakes118.html
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 72a60c0b666c7a0b3bec1eb5d35cd88a_JaffaCakes118.html
- Resource: win10v2004-20240426-en
General
- Target: 72a60c0b666c7a0b3bec1eb5d35cd88a_JaffaCakes118.html
- Size: 37KB
- MD5: 72a60c0b666c7a0b3bec1eb5d35cd88a
- SHA1: fec3d0064dbddfaa42d26e9648deb877b965099e
- SHA256: ae978daa7ea2e01d63319c912c2b3e40d49dcbf5effc81d5fff6bdc207f3499b
- SHA512: 94c739b069e0c1df0bfac5329661b62bf02b65a57ce57bccd1482ffa183dbc2395c492b2e5f4677ce7235856ab47f5a7a8f82b4880341b5ccb80e83fe428fbbf
- SSDEEP: 768:U+0MIKWF8IKLCQ0d5hlNWOIhKIybu64sBDEgdDCpELC+pHq+9xJ71qhvIVWEk4:U+0HKKu0nkOIwbuZsBDNCpEGgh7khQV3
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  912 | msedge.exe (2 entries)
  1356 | msedge.exe (2 entries)
  3536 | identity_helper.exe (2 entries)
  1740 | msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid | Process
  1356 | msedge.exe (6 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  1356 | msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  1356 | msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 1356 wrote to memory of 4324 | 1356 | msedge.exe | 83 (2 entries)
  PID 1356 wrote to memory of 3012 | 1356 | msedge.exe | 84 (38 entries)
  PID 1356 wrote to memory of 912 | 1356 | msedge.exe | 85 (2 entries)
  PID 1356 wrote to memory of 3648 | 1356 | msedge.exe | 86 (22 entries)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1356)
  Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\72a60c0b666c7a0b3bec1eb5d35cd88a_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4324)
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8354246f8,0x7ff835424708,0x7ff835424718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3012)
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,16693052275310152855,18173297453387402270,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 912)
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,16693052275310152855,18173297453387402270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3648)
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,16693052275310152855,18173297453387402270,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1856)
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16693052275310152855,18173297453387402270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4944)
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16693052275310152855,18173297453387402270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1184)
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16693052275310152855,18173297453387402270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3224)
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16693052275310152855,18173297453387402270,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4712)
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,16693052275310152855,18173297453387402270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3356 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3536)
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,16693052275310152855,18173297453387402270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3356 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1420)
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16693052275310152855,18173297453387402270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1016)
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16693052275310152855,18173297453387402270,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1740)
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,16693052275310152855,18173297453387402270,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1900 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 2872)
  Command: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 4792)
  Command: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads