Analysis
max time kernel: 148s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 28/05/2024, 07:45
Static task: static1
Behavioral task: behavioral1
  Sample: 7c377e1f818a02219846118d382e3c6e_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 7c377e1f818a02219846118d382e3c6e_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 7c377e1f818a02219846118d382e3c6e_JaffaCakes118.html
Size: 164KB
MD5: 7c377e1f818a02219846118d382e3c6e
SHA1: 022222b43be374e3a4f6fa01ac4c90704fe91213
SHA256: eb56e89d314b7ea5031f7db9418c0ec57eb6e2cfc33768f6dab751a24b60b291
SHA512: 47f852997df12516ba24d7dd14a01085f407483cf00ada79383dd6ea10a94449da84035245eb839feed461013c6e0fa02760f8b44e81e8fc3a2d0b88dddbc50a
SSDEEP: 3072:hpk4TokcGyg/7tI8iMWbYISZ97nm6GOQwvnm6fQtYQFTNDRaJsw2:O56QaQFhD
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                     process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   process              events
  1548  msedge.exe           2
  2412  msedge.exe           2
  2276  identity_helper.exe  2
  1120  msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   process     events
  2412  msedge.exe  6

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   process     events
  2412  msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   process     events
  2412  msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs; one row per distinct target, repeated events collapsed)
  description                       pid   process     procid_target
  PID 2412 wrote to memory of 264   2412  msedge.exe  83
  PID 2412 wrote to memory of 5016  2412  msedge.exe  84
  PID 2412 wrote to memory of 1548  2412  msedge.exe  85
  PID 2412 wrote to memory of 3928  2412  msedge.exe  86
Processes

[PID 2412] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7c377e1f818a02219846118d382e3c6e_JaffaCakes118.html
  signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  [PID 264] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd4e2746f8,0x7ffd4e274708,0x7ffd4e274718

  [PID 5016] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,16484156429713206004,4804995161123885119,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2

  [PID 1548] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,16484156429713206004,4804995161123885119,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
    signatures:
    - Suspicious behavior: EnumeratesProcesses

  [PID 3928] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,16484156429713206004,4804995161123885119,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8

  [PID 4736] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16484156429713206004,4804995161123885119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1

  [PID 4236] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16484156429713206004,4804995161123885119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1

  [PID 4172] C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,16484156429713206004,4804995161123885119,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8

  [PID 2276] C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,16484156429713206004,4804995161123885119,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
    signatures:
    - Suspicious behavior: EnumeratesProcesses

  [PID 1976] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16484156429713206004,4804995161123885119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1

  [PID 4688] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16484156429713206004,4804995161123885119,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1

  [PID 2784] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16484156429713206004,4804995161123885119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4480 /prefetch:1

  [PID 4416] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16484156429713206004,4804995161123885119,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1

  [PID 1120] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,16484156429713206004,4804995161123885119,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1952 /prefetch:2
    signatures:
    - Suspicious behavior: EnumeratesProcesses

[PID 4264] C:\Windows\System32\CompPkgSrv.exe
  command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

[PID 4416] C:\Windows\System32\CompPkgSrv.exe
  command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads