Analysis
max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
submitted
26/05/2024, 00:32
Static task
static1
Behavioral task
behavioral1
Sample
73c39a801c57d8b4c5a5ca61ba1c69fa_JaffaCakes118.html
Resource
win7-20240215-en
General
Target
73c39a801c57d8b4c5a5ca61ba1c69fa_JaffaCakes118.html
Size
14KB
MD5
73c39a801c57d8b4c5a5ca61ba1c69fa
SHA1
102182367fcb96edb646b5c673184f7b3738ad40
SHA256
b7d6da4b22ea6ccbc3faace1085ed30f1f765036e6fb8c2ca02d0d0cb0c78942
SHA512
c9ac87e3188eb4ab257186e69d0e26ce41b7490d5cfb216c81003ff96e374ea43d2a3180e6e2609bf36e548590525a74d0c1a504f031071e8ee564ff90c5aafe
SSDEEP
384:w/Zn6Bs+8VQfZ59NQmroFnjrHFRNcmgK+u7dJlwT7/24pEF+SSsSa23JtwZP:w/Zn6Bs+8VQfZ59NQmrIjrbNjgK+u7dP
Malware Config
Signatures
Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs
  flow  ioc
  22    https://jira.ops.aol.com/secure/attachment/688199/failwhale.html

Enumerates system info in registry 2 TTPs 3 IoCs
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs
  (identical rows collapsed; count per row shown)
  pid   Process              count
  672   msedge.exe           2
  996   msedge.exe           2
  2664  identity_helper.exe  2
  1172  msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  pid   Process     count
  996   msedge.exe  6

Suspicious use of FindShellTrayWindow 25 IoCs
  pid   Process     count
  996   msedge.exe  25

Suspicious use of SendNotifyMessage 24 IoCs
  pid   Process     count
  996   msedge.exe  24

Suspicious use of WriteProcessMemory 64 IoCs
  description                       pid  Process     procid_target  count
  PID 996 wrote to memory of 4204   996  msedge.exe  82             2
  PID 996 wrote to memory of 320    996  msedge.exe  83             40
  PID 996 wrote to memory of 672    996  msedge.exe  84             2
  PID 996 wrote to memory of 2932   996  msedge.exe  85             20
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\73c39a801c57d8b4c5a5ca61ba1c69fa_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:996

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff99546f8,0x7ffff9954708,0x7ffff9954718
    PID:4204

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,1926698512880624530,10941667630743798809,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
    PID:320

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,1926698512880624530,10941667630743798809,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
    PID:672

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,1926698512880624530,10941667630743798809,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
    PID:2932

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1926698512880624530,10941667630743798809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
    PID:3288

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1926698512880624530,10941667630743798809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
    PID:4340

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,1926698512880624530,10941667630743798809,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
    PID:1436

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,1926698512880624530,10941667630743798809,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
    PID:2664

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1926698512880624530,10941667630743798809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
    PID:4304

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1926698512880624530,10941667630743798809,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
    PID:3992

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1926698512880624530,10941667630743798809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
    PID:4936

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1926698512880624530,10941667630743798809,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
    PID:2092

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,1926698512880624530,10941667630743798809,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
    PID:1172

C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID:3076

C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID:1112
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize 152B
MD5 56641592f6e69f5f5fb06f2319384490
SHA1 6a86be42e2c6d26b7830ad9f4e2627995fd91069
SHA256 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455
SHA512 c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Filesize 152B
MD5 612a6c4247ef652299b376221c984213
SHA1 d306f3b16bde39708aa862aee372345feb559750
SHA256 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a
SHA512 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Filesize 250B
MD5 7aa7a28240c90aa61bb3a6429cbcf909
SHA1 52cbf56e63f42233afb8141b01af2cf950856cbe
SHA256 2018fbccb2f82578122049956eabd8132675be98f58b206df7345e4c2eafe69d
SHA512 577a444b70dd802531b260b3288912b8d68acd66c4a7b62973ae10a8263da6503b6d542bb4704d51eaa986787a1534659784b03b8ab2ef423571b944a8b64ff3

Filesize 5KB
MD5 8da184645e1ba4bf5317bdb550b72431
SHA1 59d8160750fba744fede0b179cd7499d16db6f4e
SHA256 cbecdee4e0c632a28831e353bb96afbaf0a36b018acd35d4290ebd28c5364802
SHA512 c331e8ffe1bf83660b9cbef595cd6254f3ab416c4bb98833d6a146ecb8d75df14337b31dfb485bc8eda18455c636b7d9feffb56c486e0f2d0cf98f31f110a8fa

Filesize 6KB
MD5 729b1a70460916309f43f6be27880c58
SHA1 c1c23533e3c45215f3d329988172fb9e2e6e2a14
SHA256 c3fc48642408402988c1b5cb8d0b65443fcd6f8dca6a1c559d3a7bb0f3224f45
SHA512 a415b96c3f57df7336e33ef46e9938dd7a526cc12dae638dfa519752bb578cc955fc1c0ddb58ab3627992a949b3057ce93a73e0244abaadbd6bd4d2812cf4d82

Filesize 16B
MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Filesize 16B
MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Filesize 11KB
MD5 db512b344ed8f8f715dd3d4cd69987ac
SHA1 174d32393048f1efcbd53faea70c327a506da31f
SHA256 59ca8b81a5e18eeda08247b29d29375fb4bb3bf274b60f688e8c61605d2fc347
SHA512 036fabe471be8d52fff232e18553a9834d3894dc46647507085cba5997878879067d60f067ed1c48a1279a003e4ee1cbd9fab45846efce6c8c1b0702df28c566