Analysis
max time kernel: 149s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 26/05/2024, 00:19
Static task: static1
Behavioral task: behavioral1
  Sample: 73bc98949d731261ded38b514d07158f_JaffaCakes118.html
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: 73bc98949d731261ded38b514d07158f_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 73bc98949d731261ded38b514d07158f_JaffaCakes118.html
Size: 134KB
MD5: 73bc98949d731261ded38b514d07158f
SHA1: fb7021ee934829261c15813128474cd235879620
SHA256: 7ce943edd384e04c23d16170a61a964c2538e192fa9577263f6ecccf608c9090
SHA512: 4afb8377cca3c74a1a46d1d84eee92f92faba14b9028baeb83af88fdaa48120bcb060660eed6f992acde7724606c86aaa887c73508c5a5d7d70193df6ae57ccf
SSDEEP: 1536:4hYQAwNz6MTo9yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJruH:8G9yfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                     Process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid    Process              entries
  716    msedge.exe           2
  1356   msedge.exe           2
  2388   identity_helper.exe  2
  4964   msedge.exe           4
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid    Process      entries
  1356   msedge.exe   6
Suspicious use of FindShellTrayWindow (25 IoCs)
  pid    Process      entries
  1356   msedge.exe   25
Suspicious use of SendNotifyMessage (24 IoCs)
  pid    Process      entries
  1356   msedge.exe   24
Suspicious use of WriteProcessMemory (64 IoCs)
  description                         pid    Process      procid_target
  PID 1356 wrote to memory of 2368    1356   msedge.exe   83
  PID 1356 wrote to memory of 1468    1356   msedge.exe   84
  PID 1356 wrote to memory of 716     1356   msedge.exe   85
  PID 1356 wrote to memory of 1992    1356   msedge.exe   86
  (the report lists 64 entries in total; identical rows are collapsed above, and every target is a child process of PID 1356 in the process tree below)
Processes
PID 1356  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\73bc98949d731261ded38b514d07158f_JaffaCakes118.html
  signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  PID 2368  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9428a46f8,0x7ff9428a4708,0x7ff9428a4718
  PID 1468  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,6639613409452286631,15989683781341453175,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  PID 716   "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,6639613409452286631,15989683781341453175,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
    signatures: Suspicious behavior: EnumeratesProcesses
  PID 1992  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,6639613409452286631,15989683781341453175,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  PID 1792  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,6639613409452286631,15989683781341453175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  PID 5024  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,6639613409452286631,15989683781341453175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  PID 3764  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,6639613409452286631,15989683781341453175,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:8
  PID 2388  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,6639613409452286631,15989683781341453175,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:8
    signatures: Suspicious behavior: EnumeratesProcesses
  PID 2252  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,6639613409452286631,15989683781341453175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  PID 4744  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,6639613409452286631,15989683781341453175,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  PID 4276  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,6639613409452286631,15989683781341453175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1
  PID 4464  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,6639613409452286631,15989683781341453175,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  PID 4964  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,6639613409452286631,15989683781341453175,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4748 /prefetch:2
    signatures: Suspicious behavior: EnumeratesProcesses
PID 2720  C:\Windows\System32\CompPkgSrv.exe -Embedding
PID 1548  C:\Windows\System32\CompPkgSrv.exe -Embedding
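Every WriteProcessMemory entry in this report has PID 1356, the Edge browser (broker) process, as the writer, and the targets (2368, 1468, 716, 1992) are the crashpad handler, GPU process, network service and storage service it spawned; a Chromium broker writing into its own freshly created children during startup is expected, whereas a write into a process outside its tree would be the injection pattern the signature exists to catch. The following added Python is a triage check that makes that distinction mechanically. It is not part of the tria.ge report: the process list and the (writer, target) pairs are transcribed from the sections above (command lines shortened to the flags the check reads, and the 64 repeated entries collapsed to their four distinct pairs), and the function names are this example's own.

```python
import re

# Transcribed from the report's Processes section: (pid, parent pid, command line).
# Depth-2 entries in the report sit under PID 1356, so that is their parent;
# the top-level CompPkgSrv.exe entries have no recorded parent. Command lines are
# shortened to the --type/--utility-sub-type flags this check reads.
PROCESSES = [
    (1356, None, "msedge.exe --single-argument C:\\Users\\Admin\\AppData\\Local\\Temp\\73bc98949d731261ded38b514d07158f_JaffaCakes118.html"),
    (2368, 1356, "msedge.exe --type=crashpad-handler"),
    (1468, 1356, "msedge.exe --type=gpu-process"),
    (716,  1356, "msedge.exe --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none"),
    (1992, 1356, "msedge.exe --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility"),
    (1792, 1356, "msedge.exe --type=renderer"),
    (5024, 1356, "msedge.exe --type=renderer"),
    (3764, 1356, "identity_helper.exe --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService"),
    (2388, 1356, "identity_helper.exe --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService"),
    (2252, 1356, "msedge.exe --type=renderer"),
    (4744, 1356, "msedge.exe --type=renderer --instant-process"),
    (4276, 1356, "msedge.exe --type=renderer"),
    (4464, 1356, "msedge.exe --type=renderer --instant-process"),
    (4964, 1356, "msedge.exe --type=gpu-process --disable-gpu-sandbox"),
    (2720, None, "CompPkgSrv.exe -Embedding"),
    (1548, None, "CompPkgSrv.exe -Embedding"),
]

# Distinct (writer, target) pairs from the WriteProcessMemory signature above.
WRITES = [(1356, 2368), (1356, 1468), (1356, 716), (1356, 1992)]

FLAG = re.compile(r"--(type|utility-sub-type)=(\S+)")


def role(cmdline):
    """Return the Chromium process role encoded in a child's command line."""
    flags = dict(FLAG.findall(cmdline))
    if "type" not in flags:
        return "browser"  # the broker process carries no --type flag
    if "utility-sub-type" in flags:
        return f"utility:{flags['utility-sub-type']}"
    return flags["type"]


def classify_writes(processes, writes):
    """Map each WriteProcessMemory target to (relationship, role).

    relationship is 'child' when the target's recorded parent is the writer
    and 'foreign' otherwise; an unknown target PID is also 'foreign', since
    the tree gives no reason to trust it.
    """
    by_pid = {pid: (ppid, cmd) for pid, ppid, cmd in processes}
    result = {}
    for writer, target in writes:
        ppid, cmd = by_pid.get(target, (None, ""))
        relationship = "child" if ppid == writer else "foreign"
        result[target] = (relationship, role(cmd) if cmd else "unknown")
    return result


def foreign_targets(processes, writes):
    """PIDs written to that are not children of the writer: the injection cases."""
    classified = classify_writes(processes, writes)
    return sorted(pid for pid, (rel, _) in classified.items() if rel == "foreign")


if __name__ == "__main__":
    for pid, (rel, r) in classify_writes(PROCESSES, WRITES).items():
        print(f"1356 -> {pid}: {rel}, {r}")
    print("foreign targets:", foreign_targets(PROCESSES, WRITES))
```

On this report the check returns no foreign targets: each write lands in a broker child whose role (crashpad handler, GPU, network or storage utility) matches a process Chromium starts itself. Re-running the same function with a target outside the tree, such as one of the CompPkgSrv.exe PIDs, is what would flag a real injection.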
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: 4b4f91fa1b362ba5341ecb2836438dea
SHA1: 9561f5aabed742404d455da735259a2c6781fa07
SHA256: d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c
SHA512: fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Filesize: 152B
MD5: eaa3db555ab5bc0cb364826204aad3f0
SHA1: a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca
SHA256: ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b
SHA512: e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Filesize: 5KB
MD5: ac5ed6b9209ef562b8d2bad7ac49e352
SHA1: 5e3ad1e8b2a5200b9ba6da3ff7fefd71e941a201
SHA256: 9f26229f2f9155c4a67cf85b279fe61d4ca526c0fa23051d1bb635820075acc5
SHA512: e922d83bdcca21544936882d5b0f36d89986f1109ab8e46f27da91704e213c71cf11dccc8a4625845314e589f7795d192e60aaada2582844648c8e3137f170ce

Filesize: 6KB
MD5: 7f76474ca85644bd8451876bbcd6ff55
SHA1: 5fca777dc07a488145850e02ee5a824eac36411d
SHA256: e2790225a395311662b5b887da0d91eca7c77f3d6bf891ce4378727b8599b8d0
SHA512: 3b04d14e565e47b0a4867cbbbc0bdf4397b2dda13a2b391bba1ec2c9d81bf355e095aa561d28581d98acf25e092059d9e5b725dddff3f0024fbff4022f0575fb

Filesize: 6KB
MD5: 75022f474d041e25b9c39ca79ab48284
SHA1: da8ce55727da82a5ed54be76975d4172c3318e6a
SHA256: 77e2e25123da89e4c7edc1c24ea4fe4d4ec789189b4257a051f007c771db7d75
SHA512: 2ea589cfc348c400fc6f8cf17d745eb8859c080ff0451e9aebd9c27daf8ce2fabda6d7c24bbf019f46c948bcbf7669730bff16030616fbd93536bd281e571cc1

Filesize: 16B
MD5: 46295cac801e5d4857d09837238a6394
SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Filesize: 16B
MD5: 206702161f94c5cd39fadd03f4014d98
SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Filesize: 11KB
MD5: a37b46a6f056e71b613c50308f027644
SHA1: 7e8098acfb3838d68cc72bd1d3355b0a2b335b06
SHA256: fdfa30ab328148c3b9fd1cd796ac9d6e75df28d42ef1fe7ba4b0b48d44bccfc2
SHA512: b402603541926c4982183be39b9b6884aa26ab7947a72525f3ba7fc06012aed92d1cb4cf8f44328d99b8174e4b19eb9b011947c7b8b13fbae9f0fba611289164