Analysis
- max time kernel: 145s
- max time network: 152s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 27/05/2024, 15:25
Static task: static1
Behavioral task: behavioral1
- Sample: 798f95deca786fc36c4c4e62e770d912_JaffaCakes118.html
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 798f95deca786fc36c4c4e62e770d912_JaffaCakes118.html
- Resource: win10v2004-20240508-en
General
- Target: 798f95deca786fc36c4c4e62e770d912_JaffaCakes118.html
- Size: 34KB
- MD5: 798f95deca786fc36c4c4e62e770d912
- SHA1: edeb461eb181b756138fcc193fa99c0d49e8c4cc
- SHA256: 1a5e15b2e4f80c8458a023e00bd8793577919d45d9899ff865a551a63b1588ed
- SHA512: f160acdb3f8b68b9be829acafeb097c75f866543d748de222adce27526357f35a79af8b3d4298c69f9a1e2389509db6b31790dfbd3742900cc6adb0da27a0e41
- SSDEEP: 768:Q7EpFwSXe6eDewe7eIeygjI11CJC3CNChCICrC/CvCPJExBq0Z24HLx8lF/Fn:QwpFwSuDqtClpjIDEWmyP84yiJ4q0Z2N
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description          ioc                                                                    Process
  Key opened           \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried    \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried    \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid     Process
  1932    msedge.exe
  1932    msedge.exe
  4964    msedge.exe
  4964    msedge.exe
  4352    identity_helper.exe
  4352    identity_helper.exe
  2000    msedge.exe
  2000    msedge.exe
  2000    msedge.exe
  2000    msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid     Process
  4964    msedge.exe
  4964    msedge.exe
  4964    msedge.exe
  4964    msedge.exe
  4964    msedge.exe
  4964    msedge.exe
- Suspicious use of FindShellTrayWindow (25 IoCs)
- Suspicious use of SendNotifyMessage (24 IoCs)
- Suspicious use of WriteProcessMemory (64 IoCs)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4964)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\798f95deca786fc36c4c4e62e770d912_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1300)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff824c446f8,0x7ff824c44708,0x7ff824c44718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4788)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,7796235683685361983,5792500945037932627,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1932)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,7796235683685361983,5792500945037932627,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3200)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,7796235683685361983,5792500945037932627,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1736)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7796235683685361983,5792500945037932627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4796)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7796235683685361983,5792500945037932627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 744)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,7796235683685361983,5792500945037932627,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6080 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4352)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,7796235683685361983,5792500945037932627,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6080 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4264)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7796235683685361983,5792500945037932627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2692)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7796235683685361983,5792500945037932627,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 888)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7796235683685361983,5792500945037932627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 60)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7796235683685361983,5792500945037932627,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2000)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,7796235683685361983,5792500945037932627,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4788 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 1924)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 1968)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads