Analysis
max time kernel: 148s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 28/05/2024, 17:02
Static task: static1
Behavioral task: behavioral1
  Sample: 7db5c47ecf8d16da41d88a3ddf901929_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 7db5c47ecf8d16da41d88a3ddf901929_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 7db5c47ecf8d16da41d88a3ddf901929_JaffaCakes118.html
Size: 201KB
MD5: 7db5c47ecf8d16da41d88a3ddf901929
SHA1: d8e2a0355cc85e506f4fbe103a6b679a2b012b7c
SHA256: ddab7f35b260af163d505ddd2af320444a61e443283714c21e0656aa17dc399e
SHA512: b2f970d96e0f7036432e5555943f23891dd966c6165af168afe52f05fef83ffa3a3fad74244590ce5f13b7a190532569bf68fddda53d2b84e8c0ebb640f3b06d
SSDEEP: 1536:kaywPkgqVxTnNvmNueDtgdYOwKnC5aod/+By3E/JhGvM:dyVkO
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description       | ioc                                                                   | Process
  Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  | msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid  | Process
  3312 | msedge.exe
  3312 | msedge.exe
  1604 | msedge.exe
  1604 | msedge.exe
  4128 | identity_helper.exe
  4128 | identity_helper.exe
  1336 | msedge.exe
  1336 | msedge.exe
  1336 | msedge.exe
  1336 | msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid  | Process
  1604 | msedge.exe
  1604 | msedge.exe
  1604 | msedge.exe
  1604 | msedge.exe
  1604 | msedge.exe
  1604 | msedge.exe
  1604 | msedge.exe
Suspicious use of FindShellTrayWindow (25 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes

Level 1, PID 1604: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7db5c47ecf8d16da41d88a3ddf901929_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  Level 2, PID 228: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f8da46f8,0x7ff8f8da4708,0x7ff8f8da4718

  Level 2, PID 2512: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,1286859369678437063,15041643262416069563,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2

  Level 2, PID 3312: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,1286859369678437063,15041643262416069563,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  Level 2, PID 3016: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,1286859369678437063,15041643262416069563,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8

  Level 2, PID 1040: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1286859369678437063,15041643262416069563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1

  Level 2, PID 736: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1286859369678437063,15041643262416069563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

  Level 2, PID 4388: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1286859369678437063,15041643262416069563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1

  Level 2, PID 1776: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,1286859369678437063,15041643262416069563,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5624 /prefetch:8

  Level 2, PID 4128: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,1286859369678437063,15041643262416069563,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5624 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  Level 2, PID 2328: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1286859369678437063,15041643262416069563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1

  Level 2, PID 3440: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1286859369678437063,15041643262416069563,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1

  Level 2, PID 4512: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1286859369678437063,15041643262416069563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1

  Level 2, PID 4520: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1286859369678437063,15041643262416069563,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1

  Level 2, PID 1336: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,1286859369678437063,15041643262416069563,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4992 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

Level 1, PID 3988: C:\Windows\System32\CompPkgSrv.exe -Embedding

Level 1, PID 4120: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads