Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
145s
-
max time network
148s
-
platform
windows10-2004_x64
-
resource
win10v2004-20240508-en
-
resource tags
arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
-
submitted
27/05/2024, 14:15
Static task
static1
Behavioral task
behavioral1
Sample
795f3ae3ea3007c2b7e3c21d1b9d0f39_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
795f3ae3ea3007c2b7e3c21d1b9d0f39_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
795f3ae3ea3007c2b7e3c21d1b9d0f39_JaffaCakes118.html
-
Size
77KB
-
MD5
795f3ae3ea3007c2b7e3c21d1b9d0f39
-
SHA1
631974a5eb4b1c81d9c641fe3457a05dc982f05f
-
SHA256
869c6fa2cc3033fae1c1cfe9d971369052ef623472562a026bc56e857504ff0a
-
SHA512
5d0f3a9de02674b8eb1821b6e46a1dfa9194264c43f1fcad39d8c4dd27089018b4d93f5eff1e3d9ae139a009e8bc38165ff23e74c2b97ac8277e21dc66ce0f3d
-
SSDEEP
1536:h+ycJI5qEjvgFq9tHauMUbc9Yq9tjTPymOIOII:L1Mq99aKWYq9RTPG
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid | Process
4136 | msedge.exe
4136 | msedge.exe
2500 | msedge.exe
2500 | msedge.exe
1800 | identity_helper.exe
1800 | identity_helper.exe
5016 | msedge.exe
5016 | msedge.exe
5016 | msedge.exe
5016 | msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
pid | Process
2500 | msedge.exe
2500 | msedge.exe
2500 | msedge.exe
2500 | msedge.exe
2500 | msedge.exe
2500 | msedge.exe
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\795f3ae3ea3007c2b7e3c21d1b9d0f39_JaffaCakes118.html
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2500
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa05d646f8,0x7ffa05d64708,0x7ffa05d64718
PID:4928
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,6436165745417972212,7177013164449238449,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
PID:1196
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,6436165745417972212,7177013164449238449,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
- Suspicious behavior: EnumeratesProcesses
PID:4136
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,6436165745417972212,7177013164449238449,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
PID:3440
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6436165745417972212,7177013164449238449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
PID:2124
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6436165745417972212,7177013164449238449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
PID:1008
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6436165745417972212,7177013164449238449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1704 /prefetch:1
PID:3964
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6436165745417972212,7177013164449238449,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2004 /prefetch:1
PID:1408
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,6436165745417972212,7177013164449238449,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8
PID:4868
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,6436165745417972212,7177013164449238449,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8
- Suspicious behavior: EnumeratesProcesses
PID:1800
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6436165745417972212,7177013164449238449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
PID:916
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6436165745417972212,7177013164449238449,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
PID:4460
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,6436165745417972212,7177013164449238449,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 /prefetch:2
- Suspicious behavior: EnumeratesProcesses
PID:5016
-
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:3920
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:3780
Network
MITRE ATT&CK Enterprise v15
Downloads