Analysis
- max time kernel: 150s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 27/05/2024, 23:59
Static task: static1
Behavioral task: behavioral1
- Sample: 7b00c72f14d1b6a167d55c43d917d0a4_JaffaCakes118.html
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 7b00c72f14d1b6a167d55c43d917d0a4_JaffaCakes118.html
- Resource: win10v2004-20240426-en
General
- Target: 7b00c72f14d1b6a167d55c43d917d0a4_JaffaCakes118.html
- Size: 21KB
- MD5: 7b00c72f14d1b6a167d55c43d917d0a4
- SHA1: 59cca71b197dbee19d088f94a9344ffc43414a77
- SHA256: efa4510ec05ec00da9ebcf1de0b1094748e22a63c7cd769af886d33df91aca56
- SHA512: 72ee768bdedf82b6bd0e1b504e02f9edf7df793f394b4ca873989f1ccaf4638c6b693064abe3431af8ae42bba39ad4218515b42215bf9cd4dba99fcd32dd1e0b
- SSDEEP: 384:AhPQN/TE0QRRnuliroXuGGNLOtWaL/jIBGDo6YsNiFgGvTcrL1GHEkjr:AyVA0QRRnbsXuGGNLOtWwjIgM6YsNiFX
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  - PID 1580 msedge.exe (2 entries)
  - PID 3368 msedge.exe (2 entries)
  - PID 4708 identity_helper.exe (2 entries)
  - PID 1136 msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  - PID 3368 msedge.exe (6 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  - PID 3368 msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  - PID 3368 msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  - PID 3368 msedge.exe wrote to memory of PID 4604 (procid_target 82)
  - PID 3368 msedge.exe wrote to memory of PID 4280 (procid_target 83)
  - PID 3368 msedge.exe wrote to memory of PID 1580 (procid_target 84)
  - PID 3368 msedge.exe wrote to memory of PID 2168 (procid_target 85)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3368)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7b00c72f14d1b6a167d55c43d917d0a4_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4604, child of 3368)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe344246f8,0x7ffe34424708,0x7ffe34424718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4280, child of 3368)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,14621543067784227998,13782834794470302114,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1580, child of 3368)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,14621543067784227998,13782834794470302114,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2168, child of 3368)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,14621543067784227998,13782834794470302114,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 752, child of 3368)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14621543067784227998,13782834794470302114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4000, child of 3368)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14621543067784227998,13782834794470302114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1248, child of 3368)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,14621543067784227998,13782834794470302114,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6112 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4708, child of 3368)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,14621543067784227998,13782834794470302114,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6112 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3188, child of 3368)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14621543067784227998,13782834794470302114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1016, child of 3368)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14621543067784227998,13782834794470302114,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5048, child of 3368)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14621543067784227998,13782834794470302114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3952 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4360, child of 3368)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14621543067784227998,13782834794470302114,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1136, child of 3368)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,14621543067784227998,13782834794470302114,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1300 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 868)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 3816)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads