Analysis

max time kernel: 145s
max time network: 141s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 26/05/2024, 13:28
Static task: static1

Behavioral task: behavioral1
  Sample: 759f27bb6d0e39e76163beb05e1afd10_JaffaCakes118.html
  Resource: win7-20240215-en

Behavioral task: behavioral2
  Sample: 759f27bb6d0e39e76163beb05e1afd10_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General

Target: 759f27bb6d0e39e76163beb05e1afd10_JaffaCakes118.html
Size: 55KB
MD5: 759f27bb6d0e39e76163beb05e1afd10
SHA1: b2381a6da64b60ec986c8ed04fcf0f1bc663b28e
SHA256: ee1c6406d19f022609552d071db7ded1ba7d5949a05865ac220485e249c8ba1a
SHA512: 528e5375476be6bf4efd56e8bc2230eec8d3120e8419e8c9ae74e813638bd37e3c84c2a82ce1c2e3da79d517a1fa15cb506bbab5fa082c2226004d3774c1ba00
SSDEEP: 1536:CHBEyRxugOruO6GwuM2nXBMwmS9A/lhYwQl:CHBEyRxuHaV2Rnl
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                    Process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid    Process
  4348   msedge.exe (2 entries)
  3160   msedge.exe (2 entries)
  4992   identity_helper.exe (2 entries)
  1392   msedge.exe (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid    Process
  3160   msedge.exe (all 6 entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid    Process
  3160   msedge.exe (all 25 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid    Process
  3160   msedge.exe (all 24 entries)

Suspicious use of WriteProcessMemory (64 IoCs; the report repeats each row below many times, the distinct rows are)
  description                    pid    Process      procid_target
  PID 3160 wrote to memory of    4744   msedge.exe   83
  PID 3160 wrote to memory of    1044   msedge.exe   84
  PID 3160 wrote to memory of    4348   msedge.exe   85
  PID 3160 wrote to memory of    436    msedge.exe   86
Processes
(indentation shows parent/child depth; PID 3160 is the browser process that opened the sample, the indented entries are its children)

msedge.exe (PID 3160)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\759f27bb6d0e39e76163beb05e1afd10_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  msedge.exe (PID 4744)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8fe9b46f8,0x7ff8fe9b4708,0x7ff8fe9b4718

  msedge.exe (PID 1044)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,4837506881094165558,10170671360890717231,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2

  msedge.exe (PID 4348)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,4837506881094165558,10170671360890717231,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 436)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,4837506881094165558,10170671360890717231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8

  msedge.exe (PID 1124)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,4837506881094165558,10170671360890717231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

  msedge.exe (PID 3056)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,4837506881094165558,10170671360890717231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1

  identity_helper.exe (PID 860)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,4837506881094165558,10170671360890717231,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 /prefetch:8

  identity_helper.exe (PID 4992)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,4837506881094165558,10170671360890717231,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 2516)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,4837506881094165558,10170671360890717231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1

  msedge.exe (PID 2464)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,4837506881094165558,10170671360890717231,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1

  msedge.exe (PID 4884)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,4837506881094165558,10170671360890717231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1

  msedge.exe (PID 1612)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,4837506881094165558,10170671360890717231,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1

  msedge.exe (PID 1392)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,4837506881094165558,10170671360890717231,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4812 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

CompPkgSrv.exe (PID 5064)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

CompPkgSrv.exe (PID 4024)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: ce4c898f8fc7601e2fbc252fdadb5115
  SHA1: 01bf06badc5da353e539c7c07527d30dccc55a91
  SHA256: bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
  SHA512: 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

- Filesize: 152B
  MD5: 4158365912175436289496136e7912c2
  SHA1: 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
  SHA256: 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
  SHA512: 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

- Filesize: 567B
  MD5: 28a8ddb2a2770f2cdf7bb7715188eaf6
  SHA1: fb73e371b98cc6f59f60d276036b6a33ccbdc670
  SHA256: 1c308944ff830ad0c88fd94f739f4140ee510693483f3a566cee5536edd2f707
  SHA512: d25e18335a7def47b2acaa1bda273898c6ca8ee2bf45a7d4482f5793f322951d75b0a4aa4edf6a20ce00fdaf5a7b695d034331a9a8de3926e689ba4345ca4c8a

- Filesize: 6KB
  MD5: e726e4015d5f15a5f6e97993602b2ea8
  SHA1: 081e4152a7238f61cadd42ac79134b6445154f0b
  SHA256: 9314491a4978fdae053bf20da6e2cd58a78ecd9da7cdd55990f0dc4fc2905b9b
  SHA512: d60fe6bbaa9462dcc79d6d13f42beea53bf85ba64d04ec67bd6d4f97b77e72b82204e5296abadeb18d2d786386207f4be58a5ed15b5e490e8a35afb21ee112f4

- Filesize: 5KB
  MD5: 227de305b1b36a785c01ec6be6c819e1
  SHA1: 7c271e95427c0084a7345b2d16da48aa5f133f16
  SHA256: b0fd8741f118533d72eead0eb76d50d5ea797540cb86f888eb34d79b78d3fd6a
  SHA512: 398a177b12de4e7e3c5c1b43e1c62e313c7272316a57ecb729563e36a9d6da20be1aa742e7b8391d936818e787eafabc6fba48b1798d9288f368fc7b97352084

- Filesize: 6KB
  MD5: 15b1dd552d29ed53a356b8163e302fd7
  SHA1: cebd635815b588907a52507f27ee0f51cb07ea76
  SHA256: 5f3493c294c29698daea0e0c9fa91248d42ec7a243a0e29cbbf2898249883e2b
  SHA512: 4636c9368324da7d1f50587fb2d61978065f090b7df461c052a9a5896d2babf5d305624a0ebcce59602a9b7fb9f2947ead0bda2c4280c86e8a5918077bccee53

- Filesize: 372B
  MD5: 1ec084ec798bd1585ef8e7f6708a23da
  SHA1: 94cfb49a39113942a23b53df2bea78d82ce309bc
  SHA256: 6f414af14fdab414247218fd225557b7c967f36b7b48ffb9720749eb32cd1853
  SHA512: 15a54169f870329eb779ab0bd427dff368810df7d86caefcbc52f863dd2beb672dc7f20a5bf7521fe58a7041969a2caebe703b236d655b96dfafe80d3c8b0f7f

- Filesize: 372B
  MD5: e4e9264a233c32c1396696d37d55a410
  SHA1: 486921aaddc630260f0bdc878af56757e4c064b9
  SHA256: 3a53c327cdb52e0583496275f2303921de432b0d3c7a26c4b97853d575f3da59
  SHA512: ac682f7f4d78c42ceda507ab5cb3657cdc53373fc196f7e1aa9c6d25583b670babc48ddcbfbd0600d0ffc0687c06ceb1d1ad812c42c1ebcea9a741ceaaddba15

- Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

- Filesize: 16B
  MD5: 206702161f94c5cd39fadd03f4014d98
  SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

- Filesize: 11KB
  MD5: 23447785a3a8ab4f488b4acebc7abf3a
  SHA1: 5d93f2f22d89e694907c95094539f9a78ecd2025
  SHA256: 668b6875f2c9ca4a267f5c4afd0c330a6b3993b393259ee5abc3ea5b7792e43f
  SHA512: 634f6207b4923a3d025a77500e4068eb3eb63be1ea424fdcc3cff7cba6ac6406e53c1bf740384dccee438e539c33803bddd130357c7b8939160d4d10cc643311