Analysis
max time kernel: 145s
max time network: 138s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
submitted: 28/05/2024, 21:18
Static task: static1
Behavioral task: behavioral1
  Sample: 7e6fdba9104ced3b8d9d276fe488e314_JaffaCakes118.html
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: 7e6fdba9104ced3b8d9d276fe488e314_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 7e6fdba9104ced3b8d9d276fe488e314_JaffaCakes118.html
Size: 36KB
MD5: 7e6fdba9104ced3b8d9d276fe488e314
SHA1: edd23cd2b52e1c423fd75df7320b90bf2bf39cff
SHA256: f0ec3c085f732e2baf92571ff51bfd6f1f3b03acc40161366252342aa85fde78
SHA512: 5ff209e9ea8c7e74130b67074f06afedab1609b260c9b612260c49ae94cf6b623be0d0800d56ffb242187a873acb6f57d60f8da5053a08ab497c0a093e27016f
SSDEEP: 768:SGybPpclDy6WpuHNjzy5FxvJt9tZdCJpEghu0/t45J:SGybPpclzWpuHN3y3hJbYJ9L+5J
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                      Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                       msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer    msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName     msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid   Process
1028  msedge.exe
1028  msedge.exe
1436  msedge.exe
1436  msedge.exe
1204  identity_helper.exe
1204  identity_helper.exe
4688  msedge.exe
4688  msedge.exe
4688  msedge.exe
4688  msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid   Process
1436  msedge.exe
1436  msedge.exe
1436  msedge.exe
1436  msedge.exe
1436  msedge.exe
1436  msedge.exe
Suspicious use of FindShellTrayWindow (25 IoCs)
pid   Process
1436  msedge.exe
1436  msedge.exe
1436  msedge.exe
1436  msedge.exe
1436  msedge.exe
1436  msedge.exe
1436  msedge.exe
1436  msedge.exe
1436  msedge.exe
1436  msedge.exe
1436  msedge.exe
1436  msedge.exe
1436  msedge.exe
1436  msedge.exe
1436  msedge.exe
1436  msedge.exe
1436  msedge.exe
1436  msedge.exe
1436  msedge.exe
1436  msedge.exe
1436  msedge.exe
1436  msedge.exe
1436  msedge.exe
1436  msedge.exe
1436  msedge.exe
Suspicious use of SendNotifyMessage (24 IoCs)
pid   Process
1436  msedge.exe
1436  msedge.exe
1436  msedge.exe
1436  msedge.exe
1436  msedge.exe
1436  msedge.exe
1436  msedge.exe
1436  msedge.exe
1436  msedge.exe
1436  msedge.exe
1436  msedge.exe
1436  msedge.exe
1436  msedge.exe
1436  msedge.exe
1436  msedge.exe
1436  msedge.exe
1436  msedge.exe
1436  msedge.exe
1436  msedge.exe
1436  msedge.exe
1436  msedge.exe
1436  msedge.exe
1436  msedge.exe
1436  msedge.exe
Suspicious use of WriteProcessMemory (64 IoCs)
description                       pid   Process     procid_target
PID 1436 wrote to memory of 3108  1436  msedge.exe  83
PID 1436 wrote to memory of 3108  1436  msedge.exe  83
PID 1436 wrote to memory of 4588  1436  msedge.exe  84
PID 1436 wrote to memory of 4588  1436  msedge.exe  84
PID 1436 wrote to memory of 4588  1436  msedge.exe  84
PID 1436 wrote to memory of 4588  1436  msedge.exe  84
PID 1436 wrote to memory of 4588  1436  msedge.exe  84
PID 1436 wrote to memory of 4588  1436  msedge.exe  84
PID 1436 wrote to memory of 4588  1436  msedge.exe  84
PID 1436 wrote to memory of 4588  1436  msedge.exe  84
PID 1436 wrote to memory of 4588  1436  msedge.exe  84
PID 1436 wrote to memory of 4588  1436  msedge.exe  84
PID 1436 wrote to memory of 4588  1436  msedge.exe  84
PID 1436 wrote to memory of 4588  1436  msedge.exe  84
PID 1436 wrote to memory of 4588  1436  msedge.exe  84
PID 1436 wrote to memory of 4588  1436  msedge.exe  84
PID 1436 wrote to memory of 4588  1436  msedge.exe  84
PID 1436 wrote to memory of 4588  1436  msedge.exe  84
PID 1436 wrote to memory of 4588  1436  msedge.exe  84
PID 1436 wrote to memory of 4588  1436  msedge.exe  84
PID 1436 wrote to memory of 4588  1436  msedge.exe  84
PID 1436 wrote to memory of 4588  1436  msedge.exe  84
PID 1436 wrote to memory of 4588  1436  msedge.exe  84
PID 1436 wrote to memory of 4588  1436  msedge.exe  84
PID 1436 wrote to memory of 4588  1436  msedge.exe  84
PID 1436 wrote to memory of 4588  1436  msedge.exe  84
PID 1436 wrote to memory of 4588  1436  msedge.exe  84
PID 1436 wrote to memory of 4588  1436  msedge.exe  84
PID 1436 wrote to memory of 4588  1436  msedge.exe  84
PID 1436 wrote to memory of 4588  1436  msedge.exe  84
PID 1436 wrote to memory of 4588  1436  msedge.exe  84
PID 1436 wrote to memory of 4588  1436  msedge.exe  84
PID 1436 wrote to memory of 4588  1436  msedge.exe  84
PID 1436 wrote to memory of 4588  1436  msedge.exe  84
PID 1436 wrote to memory of 4588  1436  msedge.exe  84
PID 1436 wrote to memory of 4588  1436  msedge.exe  84
PID 1436 wrote to memory of 4588  1436  msedge.exe  84
PID 1436 wrote to memory of 4588  1436  msedge.exe  84
PID 1436 wrote to memory of 4588  1436  msedge.exe  84
PID 1436 wrote to memory of 4588  1436  msedge.exe  84
PID 1436 wrote to memory of 4588  1436  msedge.exe  84
PID 1436 wrote to memory of 4588  1436  msedge.exe  84
PID 1436 wrote to memory of 1028  1436  msedge.exe  85
PID 1436 wrote to memory of 1028  1436  msedge.exe  85
PID 1436 wrote to memory of 2476  1436  msedge.exe  86
PID 1436 wrote to memory of 2476  1436  msedge.exe  86
PID 1436 wrote to memory of 2476  1436  msedge.exe  86
PID 1436 wrote to memory of 2476  1436  msedge.exe  86
PID 1436 wrote to memory of 2476  1436  msedge.exe  86
PID 1436 wrote to memory of 2476  1436  msedge.exe  86
PID 1436 wrote to memory of 2476  1436  msedge.exe  86
PID 1436 wrote to memory of 2476  1436  msedge.exe  86
PID 1436 wrote to memory of 2476  1436  msedge.exe  86
PID 1436 wrote to memory of 2476  1436  msedge.exe  86
PID 1436 wrote to memory of 2476  1436  msedge.exe  86
PID 1436 wrote to memory of 2476  1436  msedge.exe  86
PID 1436 wrote to memory of 2476  1436  msedge.exe  86
PID 1436 wrote to memory of 2476  1436  msedge.exe  86
PID 1436 wrote to memory of 2476  1436  msedge.exe  86
PID 1436 wrote to memory of 2476  1436  msedge.exe  86
PID 1436 wrote to memory of 2476  1436  msedge.exe  86
PID 1436 wrote to memory of 2476  1436  msedge.exe  86
PID 1436 wrote to memory of 2476  1436  msedge.exe  86
PID 1436 wrote to memory of 2476  1436  msedge.exe  86
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1436)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7e6fdba9104ced3b8d9d276fe488e314_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3108)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff825a646f8,0x7ff825a64708,0x7ff825a64718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4588)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,8184542954693885850,866348042577795487,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1028)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,8184542954693885850,866348042577795487,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2476)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,8184542954693885850,866348042577795487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2460 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4084)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8184542954693885850,866348042577795487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3776)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8184542954693885850,866348042577795487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2320)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,8184542954693885850,866348042577795487,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1204)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,8184542954693885850,866348042577795487,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4364)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8184542954693885850,866348042577795487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5068)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8184542954693885850,866348042577795487,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3472)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8184542954693885850,866348042577795487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3660)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8184542954693885850,866348042577795487,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3764 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4688)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,8184542954693885850,866348042577795487,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1860 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 4716)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 3480)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads