Analysis
- max time kernel: 145s
- max time network: 137s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 26/05/2024, 04:52
Static task: static1
Behavioral task: behavioral1
- Sample: 7461074c5c19624c63d297739627eb24_JaffaCakes118.html
- Resource: win7-20231129-en
Behavioral task: behavioral2
- Sample: 7461074c5c19624c63d297739627eb24_JaffaCakes118.html
- Resource: win10v2004-20240508-en
General
- Target: 7461074c5c19624c63d297739627eb24_JaffaCakes118.html
- Size: 3KB
- MD5: 7461074c5c19624c63d297739627eb24
- SHA1: af6ee6d875f14382e48a8203a720b3baaddb5385
- SHA256: 1fe3b78bc563ed3d6cd327cb9c8430a94f4d7047fe8201015fdfe9e771174fd9
- SHA512: 2e9f1b9aa851128f485edc677507a5130245039fba8ed05c8d7c6d80552048b14b7e0e2d92936750234f8b573667e8e409f5d4574f5bef7faad91c1a8626c201
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                       Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                        msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName      msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process              entries
  1316  msedge.exe           2
  2748  msedge.exe           2
  2456  identity_helper.exe  2
  632   msedge.exe           4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process     entries
  2748  msedge.exe  6
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process     entries
  2748  msedge.exe  25
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process     entries
  2748  msedge.exe  24
- Suspicious use of WriteProcessMemory (64 IoCs)
  description                      pid   Process     procid_target  entries
  PID 2748 wrote to memory of 4296  2748  msedge.exe  82             2
  PID 2748 wrote to memory of 4468  2748  msedge.exe  83             40
  PID 2748 wrote to memory of 1316  2748  msedge.exe  84             2
  PID 2748 wrote to memory of 3012  2748  msedge.exe  85             20
Processes
- msedge.exe, PID 2748 (root, level 1)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7461074c5c19624c63d297739627eb24_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - msedge.exe, PID 4296 (child, level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff99546f8,0x7ffff9954708,0x7ffff9954718
  - msedge.exe, PID 4468 (child, level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,14786896178389859140,7626521242088945183,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  - msedge.exe, PID 1316 (child, level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,14786896178389859140,7626521242088945183,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe, PID 3012 (child, level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,14786896178389859140,7626521242088945183,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  - msedge.exe, PID 3080 (child, level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14786896178389859140,7626521242088945183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  - msedge.exe, PID 840 (child, level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14786896178389859140,7626521242088945183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  - identity_helper.exe, PID 3744 (child, level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,14786896178389859140,7626521242088945183,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4368 /prefetch:8
  - identity_helper.exe, PID 2456 (child, level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,14786896178389859140,7626521242088945183,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4368 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe, PID 2936 (child, level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14786896178389859140,7626521242088945183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4276 /prefetch:1
  - msedge.exe, PID 4112 (child, level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14786896178389859140,7626521242088945183,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  - msedge.exe, PID 2808 (child, level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14786896178389859140,7626521242088945183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  - msedge.exe, PID 3448 (child, level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14786896178389859140,7626521242088945183,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  - msedge.exe, PID 632 (child, level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,14786896178389859140,7626521242088945183,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4820 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
- CompPkgSrv.exe, PID 1564 (root, level 1)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- CompPkgSrv.exe, PID 1112 (root, level 1)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads