Analysis
- max time kernel: 145s
- max time network: 141s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 26/05/2024, 10:27
Static task: static1
Behavioral task: behavioral1
- Sample: 752f8a6fbececa8686dd3d855e22e519_JaffaCakes118.html
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 752f8a6fbececa8686dd3d855e22e519_JaffaCakes118.html
- Resource: win10v2004-20240426-en
General
- Target: 752f8a6fbececa8686dd3d855e22e519_JaffaCakes118.html
- Size: 76KB
- MD5: 752f8a6fbececa8686dd3d855e22e519
- SHA1: 3910bbdeef3024b5ae3c84974c4a2f945b960691
- SHA256: 931edf9c5b5e9d51156a59fde64a632a819d319d59dd92868e0142e8df884ef9
- SHA512: dc09852b5d0a536a8c4cf7d46bca9a6b5a835538a60e44df03ee3adeb21cc7092bf7ea1f33b7f984f7d13d64cc20b2ef5d70d2ffc109f65dc7d6dcaef8242874
- SSDEEP: 768:X6uf3JxciecBnQ9jwBes+0rlxdO3FZKqvZ3G0jV970nC227WTkZ8n9Half+YsYg1:X6ufHciQf30rlfOVJ1ZpJUi1Lu1gS
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description         ioc                                                                    Process
Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid    Process
1916   msedge.exe
1916   msedge.exe
4684   msedge.exe
4684   msedge.exe
3236   identity_helper.exe
3236   identity_helper.exe
3232   msedge.exe
3232   msedge.exe
3232   msedge.exe
3232   msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid    Process
4684   msedge.exe
4684   msedge.exe
4684   msedge.exe
4684   msedge.exe
4684   msedge.exe
4684   msedge.exe

Suspicious use of FindShellTrayWindow (25 IoCs)
pid    Process
4684   msedge.exe
4684   msedge.exe
4684   msedge.exe
4684   msedge.exe
4684   msedge.exe
4684   msedge.exe
4684   msedge.exe
4684   msedge.exe
4684   msedge.exe
4684   msedge.exe
4684   msedge.exe
4684   msedge.exe
4684   msedge.exe
4684   msedge.exe
4684   msedge.exe
4684   msedge.exe
4684   msedge.exe
4684   msedge.exe
4684   msedge.exe
4684   msedge.exe
4684   msedge.exe
4684   msedge.exe
4684   msedge.exe
4684   msedge.exe
4684   msedge.exe

Suspicious use of SendNotifyMessage (24 IoCs)
pid    Process
4684   msedge.exe
4684   msedge.exe
4684   msedge.exe
4684   msedge.exe
4684   msedge.exe
4684   msedge.exe
4684   msedge.exe
4684   msedge.exe
4684   msedge.exe
4684   msedge.exe
4684   msedge.exe
4684   msedge.exe
4684   msedge.exe
4684   msedge.exe
4684   msedge.exe
4684   msedge.exe
4684   msedge.exe
4684   msedge.exe
4684   msedge.exe
4684   msedge.exe
4684   msedge.exe
4684   msedge.exe
4684   msedge.exe
4684   msedge.exe

Suspicious use of WriteProcessMemory (64 IoCs)
description                        pid    Process      procid_target
PID 4684 wrote to memory of 728    4684   msedge.exe   84
PID 4684 wrote to memory of 728    4684   msedge.exe   84
PID 4684 wrote to memory of 4476   4684   msedge.exe   85
PID 4684 wrote to memory of 4476   4684   msedge.exe   85
PID 4684 wrote to memory of 4476   4684   msedge.exe   85
PID 4684 wrote to memory of 4476   4684   msedge.exe   85
PID 4684 wrote to memory of 4476   4684   msedge.exe   85
PID 4684 wrote to memory of 4476   4684   msedge.exe   85
PID 4684 wrote to memory of 4476   4684   msedge.exe   85
PID 4684 wrote to memory of 4476   4684   msedge.exe   85
PID 4684 wrote to memory of 4476   4684   msedge.exe   85
PID 4684 wrote to memory of 4476   4684   msedge.exe   85
PID 4684 wrote to memory of 4476   4684   msedge.exe   85
PID 4684 wrote to memory of 4476   4684   msedge.exe   85
PID 4684 wrote to memory of 4476   4684   msedge.exe   85
PID 4684 wrote to memory of 4476   4684   msedge.exe   85
PID 4684 wrote to memory of 4476   4684   msedge.exe   85
PID 4684 wrote to memory of 4476   4684   msedge.exe   85
PID 4684 wrote to memory of 4476   4684   msedge.exe   85
PID 4684 wrote to memory of 4476   4684   msedge.exe   85
PID 4684 wrote to memory of 4476   4684   msedge.exe   85
PID 4684 wrote to memory of 4476   4684   msedge.exe   85
PID 4684 wrote to memory of 4476   4684   msedge.exe   85
PID 4684 wrote to memory of 4476   4684   msedge.exe   85
PID 4684 wrote to memory of 4476   4684   msedge.exe   85
PID 4684 wrote to memory of 4476   4684   msedge.exe   85
PID 4684 wrote to memory of 4476   4684   msedge.exe   85
PID 4684 wrote to memory of 4476   4684   msedge.exe   85
PID 4684 wrote to memory of 4476   4684   msedge.exe   85
PID 4684 wrote to memory of 4476   4684   msedge.exe   85
PID 4684 wrote to memory of 4476   4684   msedge.exe   85
PID 4684 wrote to memory of 4476   4684   msedge.exe   85
PID 4684 wrote to memory of 4476   4684   msedge.exe   85
PID 4684 wrote to memory of 4476   4684   msedge.exe   85
PID 4684 wrote to memory of 4476   4684   msedge.exe   85
PID 4684 wrote to memory of 4476   4684   msedge.exe   85
PID 4684 wrote to memory of 4476   4684   msedge.exe   85
PID 4684 wrote to memory of 4476   4684   msedge.exe   85
PID 4684 wrote to memory of 4476   4684   msedge.exe   85
PID 4684 wrote to memory of 4476   4684   msedge.exe   85
PID 4684 wrote to memory of 4476   4684   msedge.exe   85
PID 4684 wrote to memory of 4476   4684   msedge.exe   85
PID 4684 wrote to memory of 1916   4684   msedge.exe   86
PID 4684 wrote to memory of 1916   4684   msedge.exe   86
PID 4684 wrote to memory of 4092   4684   msedge.exe   87
PID 4684 wrote to memory of 4092   4684   msedge.exe   87
PID 4684 wrote to memory of 4092   4684   msedge.exe   87
PID 4684 wrote to memory of 4092   4684   msedge.exe   87
PID 4684 wrote to memory of 4092   4684   msedge.exe   87
PID 4684 wrote to memory of 4092   4684   msedge.exe   87
PID 4684 wrote to memory of 4092   4684   msedge.exe   87
PID 4684 wrote to memory of 4092   4684   msedge.exe   87
PID 4684 wrote to memory of 4092   4684   msedge.exe   87
PID 4684 wrote to memory of 4092   4684   msedge.exe   87
PID 4684 wrote to memory of 4092   4684   msedge.exe   87
PID 4684 wrote to memory of 4092   4684   msedge.exe   87
PID 4684 wrote to memory of 4092   4684   msedge.exe   87
PID 4684 wrote to memory of 4092   4684   msedge.exe   87
PID 4684 wrote to memory of 4092   4684   msedge.exe   87
PID 4684 wrote to memory of 4092   4684   msedge.exe   87
PID 4684 wrote to memory of 4092   4684   msedge.exe   87
PID 4684 wrote to memory of 4092   4684   msedge.exe   87
PID 4684 wrote to memory of 4092   4684   msedge.exe   87
PID 4684 wrote to memory of 4092   4684   msedge.exe   87
Processes
- PID 4684: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\752f8a6fbececa8686dd3d855e22e519_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - PID 728: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffea93746f8,0x7ffea9374708,0x7ffea9374718
  - PID 4476: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,9942221100143888605,9921024090093469008,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
  - PID 1916: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,9942221100143888605,9921024090093469008,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 4092: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,9942221100143888605,9921024090093469008,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
  - PID 4452: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9942221100143888605,9921024090093469008,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  - PID 4520: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9942221100143888605,9921024090093469008,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  - PID 856: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,9942221100143888605,9921024090093469008,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
  - PID 3236: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,9942221100143888605,9921024090093469008,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 3992: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9942221100143888605,9921024090093469008,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  - PID 2188: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9942221100143888605,9921024090093469008,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  - PID 3948: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9942221100143888605,9921024090093469008,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  - PID 400: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9942221100143888605,9921024090093469008,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  - PID 3232: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,9942221100143888605,9921024090093469008,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5284 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- PID 4660: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID 3728: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 4f7152bc5a1a715ef481e37d1c791959
  SHA1: c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7
  SHA256: 704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc
  SHA512: 2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c
- Filesize: 152B
  MD5: ea98e583ad99df195d29aa066204ab56
  SHA1: f89398664af0179641aa0138b337097b617cb2db
  SHA256: a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6
  SHA512: e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f
- Filesize: 552B
  MD5: dab8d249870376f413729db6058d2974
  SHA1: 31d7b3e17849f49410c569d7227e640007ddc05f
  SHA256: 93be2ba9f194c321b41246d107636078201de1fad1bca9b996079c448abebe0e
  SHA512: b686ca43ebadd037aba1c08aed8bd56e1627ce97ec373f335a09c1e57b0de0f917e6b54babcf7fafdad28d6b0a3233c688b500f61b776f9077dad7c59d0985c1
- Filesize: 5KB
  MD5: 52554e449ea41c01e09eff8dae9bd462
  SHA1: 7e65deaab3817af55a5189534373c8f6934f3a20
  SHA256: 7afbe302ed9467d241f2064a44f9768c5ad4d3ce17a64175a7e6a1aac063b7d1
  SHA512: 344a93cdfe62d4b1bf58f64544417aa03efdcbf691b2aabf3b95ca2a52361c4cc63109bf19ee41d7ac5c25c43481cff1b2361952cc7a5783f51a19e73e90ea25
- Filesize: 6KB
  MD5: f7a0861d81b51e7b58719b10872d13b8
  SHA1: bc7dfeec9d90ca4b7e1cd4042e937298154a7505
  SHA256: 6a29c8ad7f8f3799d643200f28f6de643104db8b65a4f1fb18671cbaf97d6d10
  SHA512: 9766655a9a8ce85ad08cd6db9933385f9bd579ddbb4eb1c7d738a50b97492af0e4948a1c0ac7311f6742ad3b57154a3cd8c39b75a0a64b131748f1a02b6c83ea
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: 11ba548528889721566941582c3c19df
  SHA1: 50a17291a42f043854df1988505ec3240b3b6f50
  SHA256: 2047854c38ca40629d01fe7a147cb01e9543b0ce84851fc8ef378294950b832d
  SHA512: 814c4be433ecda175479b1eb442d02d2962df4f0c6057d6e2b287ad82b0fa8029c32ccab01c215c67dcbd1e694388a8e3969a1b1fb6c1485f067bf0c8b930478