Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
26/05/2024, 22:07
Static task
static1
Behavioral task
behavioral1
Sample
76f0ad767b224b0111699d90b7e4b407_JaffaCakes118.html
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
76f0ad767b224b0111699d90b7e4b407_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
76f0ad767b224b0111699d90b7e4b407_JaffaCakes118.html
-
Size
34KB
-
MD5
76f0ad767b224b0111699d90b7e4b407
-
SHA1
f52dd0f525e52b35cea3490e9b47fea59bad3591
-
SHA256
9cc3e121ea996e718505d55f456b445aa485161751160c9423dd27d5c9a8932f
-
SHA512
02263fbfd20a0adb58e2d6c59111681d7be965cb9b24534daecc20e643190d2b01162952a2e5d2f6312c4bdce58d93858116aa05797765246c710aa97ec84e4a
-
SSDEEP
384:0lGmArmhdmPcky0/eAV85bZaiCn/qb/vACr32oJUtQ/krTmgbIY1gFsZgVNTltSZ:xXcky0235bZBJUtmg7EF0BEhmPi1Un
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 4348 msedge.exe 4348 msedge.exe 1916 msedge.exe 1916 msedge.exe 1200 identity_helper.exe 1200 identity_helper.exe 2908 msedge.exe 2908 msedge.exe 2908 msedge.exe 2908 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
pid Process 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1916 wrote to memory of 232 1916 msedge.exe 83 PID 1916 wrote to memory of 232 1916 msedge.exe 83 PID 1916 wrote to memory of 2264 1916 msedge.exe 84 PID 1916 wrote to memory of 2264 1916 msedge.exe 84 PID 1916 wrote to memory of 2264 1916 msedge.exe 84 PID 1916 wrote to memory of 2264 1916 msedge.exe 84 PID 1916 wrote to memory of 2264 1916 msedge.exe 84 PID 1916 wrote to memory of 2264 1916 msedge.exe 84 PID 1916 wrote to memory of 2264 1916 msedge.exe 84 PID 1916 wrote to memory of 2264 1916 msedge.exe 84 PID 1916 wrote to memory of 2264 1916 msedge.exe 84 PID 1916 wrote to memory of 2264 1916 msedge.exe 84 PID 1916 wrote to memory of 2264 1916 msedge.exe 84 PID 1916 wrote to memory of 2264 1916 msedge.exe 84 PID 1916 wrote to memory of 2264 1916 msedge.exe 84 PID 1916 wrote to memory of 2264 1916 msedge.exe 84 PID 1916 wrote to memory of 2264 1916 msedge.exe 84 PID 1916 wrote to memory of 2264 1916 msedge.exe 84 PID 1916 wrote to memory of 2264 1916 msedge.exe 84 PID 1916 wrote to memory of 2264 1916 msedge.exe 84 PID 1916 wrote to memory of 2264 1916 msedge.exe 84 PID 1916 wrote to memory of 2264 1916 msedge.exe 84 PID 1916 wrote to memory of 2264 1916 msedge.exe 84 PID 1916 wrote to memory of 2264 1916 msedge.exe 84 PID 1916 wrote to memory of 2264 1916 msedge.exe 84 PID 1916 wrote to memory of 2264 1916 msedge.exe 84 PID 1916 wrote to memory of 2264 1916 msedge.exe 84 PID 1916 wrote to memory of 2264 1916 msedge.exe 84 PID 1916 wrote to memory of 2264 1916 msedge.exe 84 PID 1916 wrote to memory of 2264 1916 msedge.exe 84 PID 1916 wrote to memory of 2264 1916 msedge.exe 84 PID 1916 wrote to memory of 2264 1916 msedge.exe 84 PID 1916 wrote to memory of 2264 1916 msedge.exe 84 PID 1916 wrote to memory of 2264 1916 msedge.exe 84 PID 1916 wrote to memory of 2264 1916 msedge.exe 84 PID 1916 wrote to memory of 2264 1916 msedge.exe 84 PID 1916 wrote to memory of 2264 1916 msedge.exe 84 PID 1916 wrote to memory of 2264 1916 msedge.exe 84 PID 1916 wrote to memory of 2264 1916 msedge.exe 84 PID 1916 wrote to memory of 2264 1916 msedge.exe 84 PID 1916 wrote to memory of 2264 1916 msedge.exe 84 PID 1916 wrote to memory of 2264 1916 msedge.exe 84 PID 1916 wrote to memory of 4348 1916 msedge.exe 85 PID 1916 wrote to memory of 4348 1916 msedge.exe 85 PID 1916 wrote to memory of 4380 1916 msedge.exe 86 PID 1916 wrote to memory of 4380 1916 msedge.exe 86 PID 1916 wrote to memory of 4380 1916 msedge.exe 86 PID 1916 wrote to memory of 4380 1916 msedge.exe 86 PID 1916 wrote to memory of 4380 1916 msedge.exe 86 PID 1916 wrote to memory of 4380 1916 msedge.exe 86 PID 1916 wrote to memory of 4380 1916 msedge.exe 86 PID 1916 wrote to memory of 4380 1916 msedge.exe 86 PID 1916 wrote to memory of 4380 1916 msedge.exe 86 PID 1916 wrote to memory of 4380 1916 msedge.exe 86 PID 1916 wrote to memory of 4380 1916 msedge.exe 86 PID 1916 wrote to memory of 4380 1916 msedge.exe 86 PID 1916 wrote to memory of 4380 1916 msedge.exe 86 PID 1916 wrote to memory of 4380 1916 msedge.exe 86 PID 1916 wrote to memory of 4380 1916 msedge.exe 86 PID 1916 wrote to memory of 4380 1916 msedge.exe 86 PID 1916 wrote to memory of 4380 1916 msedge.exe 86 PID 1916 wrote to memory of 4380 1916 msedge.exe 86 PID 1916 wrote to memory of 4380 1916 msedge.exe 86 PID 1916 wrote to memory of 4380 1916 msedge.exe 86
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\76f0ad767b224b0111699d90b7e4b407_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1916 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc2ac46f8,0x7ffdc2ac4708,0x7ffdc2ac47182⤵PID:232
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,14783473946675788441,5497511608517323416,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:22⤵PID:2264
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,14783473946675788441,5497511608517323416,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4348
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,14783473946675788441,5497511608517323416,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:82⤵PID:4380
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14783473946675788441,5497511608517323416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:12⤵PID:4736
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14783473946675788441,5497511608517323416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:12⤵PID:2240
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,14783473946675788441,5497511608517323416,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:82⤵PID:1112
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,14783473946675788441,5497511608517323416,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1200
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14783473946675788441,5497511608517323416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:12⤵PID:5064
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14783473946675788441,5497511608517323416,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:12⤵PID:3120
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14783473946675788441,5497511608517323416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:12⤵PID:3808
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14783473946675788441,5497511608517323416,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:12⤵PID:3196
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,14783473946675788441,5497511608517323416,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5716 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:2908
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4100
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3620
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5a8e767fd33edd97d306efb6905f93252
SHA1a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
SHA256c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
SHA51207b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241
-
Filesize
152B
MD5439b5e04ca18c7fb02cf406e6eb24167
SHA1e0c5bb6216903934726e3570b7d63295b9d28987
SHA256247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
SHA512d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2
-
Filesize
308B
MD5b1b33eca24e04ea05241affef52ada38
SHA1730871824af1c9a2fb35f7117e1eeb7f9827083c
SHA2562bb31764640752c71f0aaf68c414dc0b835d6d050fb248853be5a28f94aae3a9
SHA512a785b3b18e308269f701aaed2ee2318efbcaac36a64e66097235de23290b23b693b67af56ec0e42afd7a0c9eb0b7db0cc32b80c720245abc0c28d11701d65c6d
-
Filesize
379B
MD58ba9ddaa32581884f353897984aa4b47
SHA1cfd61a99b9d0b27ddee82e4fb2d34e477dd94909
SHA256019665428f02c36cb66e76ec02606d987849aeccf8494d826cdcf726b4215e43
SHA5128f768467465e44552a1503357a0055d72356b37dfd1329ddecda70a0786577368a9f9f0905cf79b6a07dfe059387fcd4938e0a391a4283430a8d9e24a4a0e4e7
-
Filesize
308B
MD5407cf1e1b4c09d54566e31c1a2d57e08
SHA19838b5fd43b5abd1b535b8eee77bf967786eb801
SHA25612a9292289e2779d2845b6d7eb1bb7bea08ccba0b311d396744820bb0dca9d05
SHA5126a429a4049c3350e59c1a74acbfda948e4dcf09c5c02c02cf5734be1a12b9e6e4bee74918a7ddcd4d4e8593a3709148f5ebff6c6c08978d66700bbe9d17e4c60
-
Filesize
5KB
MD5c98118b9c7c044bd032a60f58b764bd6
SHA1ea0bf52badc2617607b6d12f1e66091e2ae4dc70
SHA25685510e561a0c7c8451a9c4c0a37021ed149420a6e5df4d12715cc8377e6066ca
SHA512f48c6f3621fcb452bb0814f30af72d3445bf7c50e3202c3587a2d13938eaa9fc605dfbe0a864d8aa7362902b9a0b1ac28da8a8b5297c5d6a5269dbc2726c5a71
-
Filesize
6KB
MD5480c7c8cfccebe2c6df5687aaa97b6f1
SHA174c75b63a509d687a5ddf84ed9792a1bc1f77f9f
SHA2565ad471ae099d59a0c3e34b5b348a0890ae779a5f90e76cfbe95ee2c2c490a7fc
SHA5126bfe3ff380d5a353341a6b94d1d63349547390cf58297a39a375af434d91d5f39cfa64d0ce6bc4c71f70013160173f5a5389fb781d0b6dcbabbb04ae5d4ecb6a
-
Filesize
6KB
MD59c164ff15d5529afa73e33fae0efefa2
SHA19331554891fb9b148eed93050d3576cbbdfbdbf6
SHA25666cfa6ffa373fb0561f4ff0ab3500a09d5c3e897dec219c46e48a83416c6fbc0
SHA512e8bec74ec6be527c11ac2b72268772b75d7dfeba7a8fc6c1f873ffc04e38fcc721134447f7794fc2e538ad30617c22f0b304a42e75e4179cd7041e9e17521f72
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
11KB
MD511d65a3246b595f2873d936ef5f7a56f
SHA1a1f78f0ef4fc5ba3892428740d1ba95db5ca3400
SHA256feb36247066b9802f049c1a50c5fcb2814ff1786a01822fea81d8a28885a15f6
SHA512173c1f4f7087a110fea6e7aa84112b4752ccc79defadd4291932b575003f89bc62cf01bab8f680fdd67ad1d070cd437b583b975fe570fc774331693d3484effe