Analysis

- max time kernel: 148s
- max time network: 152s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 28/05/2024, 00:30
Static task
- static1

Behavioral tasks
- behavioral1: sample 7b15e2dbe56a30803a53b659bc428f13_JaffaCakes118.html, resource win7-20240221-en
- behavioral2: sample 7b15e2dbe56a30803a53b659bc428f13_JaffaCakes118.html, resource win10v2004-20240508-en (the run shown on this page)
General

- Target: 7b15e2dbe56a30803a53b659bc428f13_JaffaCakes118.html
- Size: 42KB
- MD5: 7b15e2dbe56a30803a53b659bc428f13
- SHA1: bc7a7a79711ffa4193efbbab201da521288c99c2
- SHA256: a485860bdbdfc2157b0f436bbc6df5590f28446a406bcdd5bba702a34843512d
- SHA512: ac6330540d73410ddd0a19621792ff180e9f6d1d8d365adfc4cc260aa7181f70785deb0743dc847d9e53b554cd39543441804d602b81fd5632c736f3269e13bd
- SSDEEP: 768:SgpwV9+9+i5+zlbBewBiEl3EiGS2ggDfiG1aZA513I2bITrgMS1eWKrqCg:SgpwV91McGwBiEl3EiGS2ggDfiG1aZAL
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)

Suspicious behavior: EnumeratesProcesses (10 IoCs)
- PID 776 msedge.exe (2), PID 2184 msedge.exe (2), PID 4628 identity_helper.exe (2), PID 1344 msedge.exe (4)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
- PID 2184 msedge.exe (6)

Suspicious use of FindShellTrayWindow (25 IoCs)
- PID 2184 msedge.exe (25)

Suspicious use of SendNotifyMessage (24 IoCs)
- PID 2184 msedge.exe (24)

Suspicious use of WriteProcessMemory (64 IoCs)
Every row is PID 2184 (msedge.exe, the browser process) writing into a process it has itself just launched; each row is one WriteProcessMemory call, so the same pair repeats. Target PIDs and their tria.ge process ids (procid_target):
- 2184 -> 2272 (procid 85)
- 2184 -> 2524 (procid 86)
- 2184 -> 776 (procid 87)
- 2184 -> 4892 (procid 88)
Most of the 64 rows are repeated writes into 2524 (GPU process) and 4892 (storage utility); see the process tree below for the roles.

Analyst note: all IoCs are attributed to Edge's own binaries (msedge.exe, identity_helper.exe). Writing into freshly spawned children, enumerating processes, FindShellTrayWindow/SendNotifyMessage calls, and launching children with the "block non-Microsoft binaries" mitigation are part of Chromium's normal multi-process startup and sandboxing, and the BIOS SystemManufacturer/SystemProductName reads are the hardware lookups a browser does anyway. No malware configuration was extracted and no network indicators appear in this extract, so these signatures on their own do not establish that the HTML is malicious; the page content (scripts, redirects, external resources) is what still needs review.
Processes

Tree as reported (indentation gives parent/child; the "1⤵"/"2⤵" markers in the original are the depth). The role in parentheses is read from each command line's --type / --utility-sub-type flags.

- PID 2184  msedge.exe (browser process)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7b15e2dbe56a30803a53b659bc428f13_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  - PID 2272  msedge.exe (crashpad-handler)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba57446f8,0x7ffba5744708,0x7ffba5744718

  - PID 2524  msedge.exe (gpu-process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,8157768168450161773,2831866737555157736,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2

  - PID 776  msedge.exe (utility: network.mojom.NetworkService, --service-sandbox-type=none)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,8157768168450161773,2831866737555157736,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses

  - PID 4892  msedge.exe (utility: storage.mojom.StorageService, --service-sandbox-type=utility)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,8157768168450161773,2831866737555157736,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8

  - PID 4048  msedge.exe (renderer, client id 6)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,8157768168450161773,2831866737555157736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1

  - PID 2752  msedge.exe (renderer, client id 5)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,8157768168450161773,2831866737555157736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1

  - PID 4832  identity_helper.exe (utility: winrt_app_id.mojom.WinrtAppIdService, --service-sandbox-type=none)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,8157768168450161773,2831866737555157736,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8

  - PID 4628  identity_helper.exe (utility: winrt_app_id.mojom.WinrtAppIdService, same command line as PID 4832)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,8157768168450161773,2831866737555157736,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses

  - PID 876  msedge.exe (renderer, client id 8)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,8157768168450161773,2831866737555157736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1

  - PID 760  msedge.exe (renderer, client id 9, --instant-process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,8157768168450161773,2831866737555157736,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4232 /prefetch:1

  - PID 2344  msedge.exe (renderer, client id 10)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,8157768168450161773,2831866737555157736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1

  - PID 4932  msedge.exe (renderer, client id 11, --instant-process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,8157768168450161773,2831866737555157736,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1

  - PID 1344  msedge.exe (gpu-process, second instance launched with --disable-gpu-sandbox --use-gl=disabled)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,8157768168450161773,2831866737555157736,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4808 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses

- PID 4996  CompPkgSrv.exe (top level, not a child of Edge)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

- PID 4716  CompPkgSrv.exe (top level, not a child of Edge)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
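Whether the 64 WriteProcessMemory IoCs matter comes down to one question the report leaves to the reader: is the writer the parent of every target? The following Python helper is an added example, not part of the tria.ge report or its tooling. It rebuilds the tree from depth markers like the report's "1⤵"/"2⤵", reads each child's Chromium role from its --type / --utility-sub-type / --service-sandbox-type flags, and classifies every writer->target pair as parent-into-own-child (how Chromium's sandbox broker sets up a newly launched child) or cross-process (the case that would justify memory dumps). The embedded process list and IoC rows are a constructed, trimmed copy of the report's entries; the one-line-per-process format ("N⤵PID:nnnn <command line>") is this example's own, not tria.ge's export format.

```python
"""Added triage helper (not part of the tria.ge report): rebuild the process
tree from a depth-marked process list and decide whether each
'WriteProcessMemory' IoC is parent-into-own-child or cross-process."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample input, condensed from the report above. 'N⤵' is the
# nesting marker (N = depth in the tree); long argument lists were trimmed,
# the flags this script reads were kept.
PROCESS_LIST = r"""
1⤵PID:2184 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7b15e2dbe56a30803a53b659bc428f13_JaffaCakes118.html
2⤵PID:2272 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler --annotation=ver=92.0.902.67
2⤵PID:2524 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --mojo-platform-channel-handle=2208
2⤵PID:776 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none
2⤵PID:4892 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility
2⤵PID:4048 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --renderer-client-id=6
1⤵PID:4996 C:\Windows\System32\CompPkgSrv.exe -Embedding
"""
# The report's 'Suspicious use of WriteProcessMemory' rows, one per call
# (repeated rows are the same parent/child pair written several times).
WRITE_IOCS = """
PID 2184 wrote to memory of 2272 2184 msedge.exe 85
PID 2184 wrote to memory of 2272 2184 msedge.exe 85
PID 2184 wrote to memory of 2524 2184 msedge.exe 86
PID 2184 wrote to memory of 776 2184 msedge.exe 87
PID 2184 wrote to memory of 4892 2184 msedge.exe 88
"""

@dataclass
class Proc:
    pid: int
    depth: int
    cmdline: str
    parent: Optional["Proc"] = field(default=None, repr=False, compare=False)
    children: list = field(default_factory=list, repr=False, compare=False)

    @property
    def image(self) -> str:
        # First token is a quoted or bare path; keep only the file name.
        m = re.match(r'"([^"]+)"|(\S+)', self.cmdline)
        return (m.group(1) or m.group(2)).rsplit("\\", 1)[-1].lower()

    @property
    def role(self) -> str:
        # Chromium children carry --type=; the top-level browser has none.
        m = re.search(r"--type=(\S+)", self.cmdline)
        if not m:
            return "browser" if self.image == "msedge.exe" else "non-chromium"
        sub = re.search(r"--utility-sub-type=(\S+)", self.cmdline)
        return f"{m.group(1)}:{sub.group(1)}" if sub else m.group(1)

    @property
    def sandbox(self):
        m = re.search(r"--service-sandbox-type=(\S+)", self.cmdline)
        return m.group(1) if m else None

def parse_processes(text: str) -> dict:
    """A process at depth N is a child of the latest process seen at depth N-1."""
    procs, last_at_depth = {}, {}
    for line in text.strip().splitlines():
        m = re.match(r"(\d+)⤵PID:(\d+)\s+(.*)", line)
        if not m:
            continue
        depth, pid, cmd = int(m.group(1)), int(m.group(2)), m.group(3)
        p = Proc(pid, depth, cmd, parent=last_at_depth.get(depth - 1))
        if p.parent is not None:
            p.parent.children.append(p)
        procs[pid] = p
        last_at_depth[depth] = p
    return procs

def parse_write_iocs(text: str) -> list:
    """Unique (writer_pid, target_pid) pairs in first-seen order."""
    out = []
    for a, b in re.findall(r"PID (\d+) wrote to memory of (\d+)", text):
        pair = (int(a), int(b))
        if pair not in out:
            out.append(pair)
    return out

def classify_writes(procs: dict, writes: list) -> dict:
    """Parent writing into its own direct child is part of Chromium's child
    launch; a write into any other process is flagged as cross-process."""
    result = {"child_spawn": [], "cross_process": [], "unknown": []}
    for src, dst in writes:
        s, d = procs.get(src), procs.get(dst)
        if s is None or d is None:
            result["unknown"].append((src, dst))
        elif d.parent is s:
            result["child_spawn"].append((src, dst))
        else:
            result["cross_process"].append((src, dst))
    return result

def summarize(proc_text: str = PROCESS_LIST, ioc_text: str = WRITE_IOCS) -> dict:
    procs = parse_processes(proc_text)
    verdict = classify_writes(procs, parse_write_iocs(ioc_text))
    verdict["roles"] = {pid: (p.role, p.sandbox) for pid, p in procs.items()}
    return verdict

if __name__ == "__main__":
    for key, value in summarize().items():
        print(f"{key}: {value}")
```

Run stand-alone it prints the verdict for the report's data: all four pairs land in child_spawn and no pair is cross_process or unknown. Append a constructed row such as "PID 2184 wrote to memory of 4996" (CompPkgSrv.exe sits at the same depth as the browser, so it is not a child) and that pair lands in cross_process, which is the finding that would turn this from browser noise into an injection lead.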
Network
MITRE ATT&CK Enterprise v15
Downloads

Files listed for download in the report (size and hashes; file names are not given in this extract):

- 152B
  MD5    4b4f91fa1b362ba5341ecb2836438dea
  SHA1   9561f5aabed742404d455da735259a2c6781fa07
  SHA256 d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c
  SHA512 fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

- 152B
  MD5    eaa3db555ab5bc0cb364826204aad3f0
  SHA1   a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca
  SHA256 ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b
  SHA512 e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

- 261B
  MD5    ea57c6792703b5f542f0ea0a741cc425
  SHA1   3ca7af8a028966f859838d6807daa0ce821f7dcb
  SHA256 469e7f3d9d061c7e55710ce83faa8057cbf6c918b2a131865198645ca4981a22
  SHA512 43434c90ff163c2c0f51372cadee91ce469c3d8f3bff0dd25231e4974665cf4c67fe78ac5301252b203f459d9dfffcd24f6b2e90c72023fd9cce89bd8d58adfb

- 6KB
  MD5    fa2377892ab2dad20f21a609d5f9600e
  SHA1   1e56ca3ab9f6fdf19f8b5f877ceffedb32755b80
  SHA256 be586a77ac2c3a9e6dfba7f478bd1fc6e1f06d183ca13fa79a1f4a3172336a91
  SHA512 823d01857df7905a0e013ca797ddf8de4a03324e56845709582fc39196fc83acc1ea44dc4044eb385ea0f4c6efc75d0ef4ab4552bc876849972bbf3efb328e54

- 5KB
  MD5    bc59d1d218c404f2b614b1302e7ec262
  SHA1   6746206dc25d6c28191f33781d5d19df3dbeb7e4
  SHA256 4203d74e471e92782ccc30084c5461aa09467a12807f948a4f86907efb3b0098
  SHA512 40bcb15819b19352ca19504ffcb45a3fd4d8c03af9ad09ba7ea99d1b5f61933ff5db617c60502c4891733594a7ad246ffb3bd57dbd666b46ff6e014b340547fd

- 6KB
  MD5    415c58c6a037b22ced94109c94858dfd
  SHA1   19b4ab396f4a051eb99de037eaf388f1059260b6
  SHA256 99470f2a8d2db1eefa1bbe3abc9a159c35de4fa6c10e7b5419d33b989c3beac4
  SHA512 7a83979f95b6818bb48d9a3caba0e2d5fb8df9572339c029e7ebe98702de4c825d39f89115448fbb3cf5e09108cc1e5d163d935bc79065b17b02dae71edda505

- 370B
  MD5    ff2072e21e5c35c3955546daa771d3fb
  SHA1   61c920ea7e02267988d762de671f77903988329b
  SHA256 59939de3e86f142e9b305ace0154a6772cc3b47d087338e0ff0931e7eefdcc2c
  SHA512 fb331621ff3aff465e95438f592983a8a1ca02e65ed0b7dbd87696563a142cfc6a7a3abeabea3e5351cb13596a33d57cddf70de31aa96fe998ba9e6f4c4818ed

- 203B
  MD5    aa84d0731aee301ed02134de8ac2b5f1
  SHA1   3fd2a0b4ac6f4f311051a503b936f01091bc22da
  SHA256 bdfed30c0f00bef487088ee47b85bd13e6e02b056c3e4bc15f4d6d266831c4e6
  SHA512 0875cb18eecff8fe72921a044f55d67839a71e02f5605da9e385e47067a8038370e324f6df5a4fbe70add1e399b6e40474b22c1e3780ef3f6a2bcad204cf6b2c

- 16B
  MD5    46295cac801e5d4857d09837238a6394
  SHA1   44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

- 16B
  MD5    206702161f94c5cd39fadd03f4014d98
  SHA1   bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

- 11KB
  MD5    61e5a8e8b96f19fc5bd596fc54e38149
  SHA1   2f3b9ba24a5c64031324e75edea610bf70579e24
  SHA256 58a2b89e28657033567ebed0cb5bb56d361bf85d51492ab7c3902e69ecfa566f
  SHA512 ea15cc72920da639609e742ba852e45cb1ab4f0d3bffb56c3631abf5148eb07e5d75b3a1fe6518190b229b98a4b61a61a2d50e778adeeb00e32190fc1415d233