Analysis
- max time kernel: 145s
- max time network: 144s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 27/05/2024, 07:21
Static task: static1

Behavioral task: behavioral1
- Sample: 78554a5705aa64b7361bf59dcb187d3e_JaffaCakes118.html
- Resource: win7-20240221-en

Behavioral task: behavioral2
- Sample: 78554a5705aa64b7361bf59dcb187d3e_JaffaCakes118.html
- Resource: win10v2004-20240426-en
General
- Target: 78554a5705aa64b7361bf59dcb187d3e_JaffaCakes118.html
- Size: 26KB
- MD5: 78554a5705aa64b7361bf59dcb187d3e
- SHA1: 19c77372a960621f2f06fe3eec23d34d7ce8d63c
- SHA256: f971ea8a32f94a8314df64bebef30174aa8d789d808e675bf2fbe6a6e61feee0
- SHA512: 5114c2195c8ad5bebc67be6d1e08d53e896d6bad3675485999e480494d1cf782f2cd21f7d1e1f83fde9da7ddab5e8d8030d75d202bb53fffc68505515cf7fac2
- SSDEEP: 192:R5daQzoPc6+dpgUb5noItMqRgtY1cZZnnQjLntQ/IYnQiehLnbSDnQOkrntCwmLc:EwoEpQ/ORXjanAFD
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe

- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  2224 | msedge.exe (2 entries)
  3440 | msedge.exe (2 entries)
  1956 | identity_helper.exe (2 entries)
  3112 | msedge.exe (4 entries)

- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid | Process
  3440 | msedge.exe (6 entries)

- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  3440 | msedge.exe (25 entries)

- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  3440 | msedge.exe (24 entries)

- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 3440 wrote to memory of 3136 | 3440 | msedge.exe | 82 (2 entries)
  PID 3440 wrote to memory of 2936 | 3440 | msedge.exe | 83 (40 entries)
  PID 3440 wrote to memory of 2224 | 3440 | msedge.exe | 84 (2 entries)
  PID 3440 wrote to memory of 4312 | 3440 | msedge.exe | 85 (20 entries)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3440)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\78554a5705aa64b7361bf59dcb187d3e_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3136)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffda88e46f8,0x7ffda88e4708,0x7ffda88e4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2936)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,979396017905851985,6973112127845266921,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2224)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,979396017905851985,6973112127845266921,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4312)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,979396017905851985,6973112127845266921,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2568 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3892)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,979396017905851985,6973112127845266921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2996)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,979396017905851985,6973112127845266921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3468)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,979396017905851985,6973112127845266921,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1956)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,979396017905851985,6973112127845266921,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4472)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,979396017905851985,6973112127845266921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4776)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,979396017905851985,6973112127845266921,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3476)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,979396017905851985,6973112127845266921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2516)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,979396017905851985,6973112127845266921,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3112)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,979396017905851985,6973112127845266921,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5096 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses

- C:\Windows\System32\CompPkgSrv.exe (PID 4596)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

- C:\Windows\System32\CompPkgSrv.exe (PID 2360)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: ae54e9db2e89f2c54da8cc0bfcbd26bd
  SHA1: a88af6c673609ecbc51a1a60dfbc8577830d2b5d
  SHA256: 5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af
  SHA512: e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

- Filesize: 152B
  MD5: f53207a5ca2ef5c7e976cbb3cb26d870
  SHA1: 49a8cc44f53da77bb3dfb36fc7676ed54675db43
  SHA256: 19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23
  SHA512: be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

- Filesize: 5KB
  MD5: b700edb74408368fec73e4a39bc35ac8
  SHA1: c8fc118f3ea9f78d50ea76931629eb174949af6e
  SHA256: e71c4fed768de98aa8ca5df8c303f601fc85aef60bc201df0cb9b1b16e860a9c
  SHA512: 7a7e6fa005ef5e7e3f43e947a911b5eceb21c0c730473c9388bc8b1f431172735d691e37cc2f12976b4e7c7412f1f4a3f35982da8b6ed2e1b1ea3bf07e1f3dd7

- Filesize: 6KB
  MD5: 9054d6b329433b6dea00832827f205e9
  SHA1: 39088f7eb9d810f499753b357aa822c4bd6f8ba9
  SHA256: 3fb810de95e78e9a9a8dac2dd87d8455f0018178444e0cfea2ddd1700555e0f8
  SHA512: 6e9c6ce8bcb31f492c5f4969e17ea301bcd262d85c54e5d11a767b65dfe198259329882b1d8fd4601498dbbea49b829e8f8c617334cd36ad99ce1621f3462e0e

- Filesize: 6KB
  MD5: c0b80a5f1c5a0491a957c130df96115f
  SHA1: 721a6caff73084a2e9727434e98663cf571977f0
  SHA256: ab206de847a35a4203c4d320087729c3fe9543eaa269006911ab338a7985481e
  SHA512: 9c06fe4d11ee70503e1c1305f3bdfae8d78e78101d669252eb7c3a9ada292219463e793aa60d7a0a9cbcd63ca6f04e184aa806c2ab16157d49694fd30c431293

- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

- Filesize: 11KB
  MD5: 2eec5a88e49a80cdff4cf89be068b5da
  SHA1: f439516905b54ab7945731812b55cf7abe5a9bf7
  SHA256: 5892cec12ea1516820c888fcd9e2a666417ced144dd17d3d39743017a2d87cb8
  SHA512: 82777809800caa095195c79a7a83b54c8acd25eaee5ff9746e76727c268141cc02f6e4ab4c3dd9b0f103bc968ee2eb39eface6fc5569b493a0873b641f0b4967