Analysis
max time kernel: 145s
max time network: 130s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 28/05/2024, 12:05
Static task: static1
Behavioral task: behavioral1
  Sample: 7ce2f821853e1d1df845abc7842087c8_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 7ce2f821853e1d1df845abc7842087c8_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
Target: 7ce2f821853e1d1df845abc7842087c8_JaffaCakes118.html
Size: 20KB
MD5: 7ce2f821853e1d1df845abc7842087c8
SHA1: 5abbd1db378beeea9ad519775f361593f36142fd
SHA256: 9716820da03cc44c7b56daf247f878e80a57300b128a28590d413e64dc83e14e
SHA512: 2157843bd599f4ca442b8d753eef48ae5b2305737852178c82a9a78d5211201463429b7e156b9da05ebeb291cef2afeec3ddfe3f18c44996db71cd034a743287
SSDEEP: 192:uWjQb5nJGnQjxn5Q/FnQieoNn2UVnQOkEntrHnQTbnxnQOCnQtqwMBIqnYnQ5hNZ:mQ/gUL6Sf
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description       | ioc                                                                   | Process
  Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  | msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid  | Process             | entries
  1128 | msedge.exe          | 2
  2752 | msedge.exe          | 2
  2064 | identity_helper.exe | 2
  3084 | msedge.exe          | 4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid  | Process    | entries
  2752 | msedge.exe | 6

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid  | Process    | entries
  2752 | msedge.exe | 25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid  | Process    | entries
  2752 | msedge.exe | 24

Suspicious use of WriteProcessMemory (64 IoCs)
  description                    | pid  | Process    | procid_target | entries
  PID 2752 wrote to memory of 3452 | 2752 | msedge.exe | 83            | 2
  PID 2752 wrote to memory of 1776 | 2752 | msedge.exe | 84            | repeated (see below)
  PID 2752 wrote to memory of 1128 | 2752 | msedge.exe | 85            | 2
  PID 2752 wrote to memory of 3840 | 2752 | msedge.exe | 86            | repeated (see below)
  The writes to PIDs 1776 and 3840 together account for the remaining 60 of the 64 entries, each one logged once per write event.
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2752, level 1)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7ce2f821853e1d1df845abc7842087c8_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3452, level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe4d6046f8,0x7ffe4d604708,0x7ffe4d604718

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1776, level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,9881865520771705378,4094050750948552319,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1128, level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,9881865520771705378,4094050750948552319,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3840, level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,9881865520771705378,4094050750948552319,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1948 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2020, level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9881865520771705378,4094050750948552319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 940, level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9881865520771705378,4094050750948552319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4892, level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,9881865520771705378,4094050750948552319,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2064, level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,9881865520771705378,4094050750948552319,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3472, level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9881865520771705378,4094050750948552319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2168, level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9881865520771705378,4094050750948552319,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 756, level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9881865520771705378,4094050750948552319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 528, level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9881865520771705378,4094050750948552319,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2840 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3084, level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,9881865520771705378,4094050750948552319,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5620 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe (PID 2496, level 1)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 3808, level 1)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 152B
MD5: 2daa93382bba07cbc40af372d30ec576
SHA1: c5e709dc3e2e4df2ff841fbde3e30170e7428a94
SHA256: 1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30
SHA512: 65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Filesize: 152B
MD5: ecdc2754d7d2ae862272153aa9b9ca6e
SHA1: c19bed1c6e1c998b9fa93298639ad7961339147d
SHA256: a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7
SHA512: cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Filesize: 5KB
MD5: 5274b4cf01bdbdc66f53ca2452f23af0
SHA1: 04ac8c5ac3214877bb5a6a2be08ceb2e0923e5d8
SHA256: 8197c28e57221be5722631bfbde4b1815b6991f921ba726eb630fa9c3e59d236
SHA512: dbd0e52e37999f9c036894c921cbd27e4b2d3c03fe81db677736bf301a83137e7b391aed44a339543fc66bab415416011e2c4edce617e0596c3f58e6af16a99a

Filesize: 6KB
MD5: 683a5539fa204e3e95d085e0299c95b8
SHA1: 1ed8c68dbbd159c13930380d1ff17d2807063a5b
SHA256: dfe5c838ba757170a69251e95a9df917fe6b65e95fbf8671b39d328a966ed7e1
SHA512: 3f97db2a1b4722a9fbe9d6c9e9d93f9b0caf91c2e45bf51965221b09f928e33ed6eeb0ecb2e1628a9c07096e0cd68c3c35abeefbaf433c84e8b3d1a451dc123d

Filesize: 6KB
MD5: 3f6a73cd93f93abfe99b968bf5b9b523
SHA1: 17a7b8c8d7416361a9b692e54ae3d571b32463bf
SHA256: d9d39780be7a8e5763c857324412ff46fdc1acff729de2711d6289e653202c6a
SHA512: e2cf1970f2e97ab31c32d6327daf9b210f341b8683cb6213fee2565574184637db52ebbad0f0385eedb3afef278f7b9565f274a8d9369d635f64126d4ccfb533

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 10KB
MD5: ae7bc9d26f0f8933a27877962dd4ad40
SHA1: e809477bbeb688ba876d9e64b0a1904b3200e8b2
SHA256: 00c68e26dea987b7bc407a9b94fd3ec0fdb0506be8a5b0788c8443d84c00deea
SHA512: 7b483abead347732c1f6e58a7b17bfe42ed0846557da001b7d254c2cd676690fd131ac88dbc0ab6f6d0382a070461c01a84b9b006b638cae3c6cec520dc73fb8