Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 145s
max time network: 130s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29/05/2024, 02:06
Static task: static1
Behavioral task: behavioral1
  Sample: 7f2db17a640ee8477e4742ff3dc95373_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 7f2db17a640ee8477e4742ff3dc95373_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
Target: 7f2db17a640ee8477e4742ff3dc95373_JaffaCakes118.html
Size: 836B
MD5: 7f2db17a640ee8477e4742ff3dc95373
SHA1: 12db9c1fb9aa4175cf821d0df9f187e95448e033
SHA256: a7a9f45e11325bc0e72f3fae54ee9164be15e533da6d09f81f4230116645a9b6
SHA512: bcc5926f12c60f96232fe5f6729e7063553ba7ea8b730c48c87c0f366bed03c16cba4eea73d27fe0de41a8e087d5ec1749a44549eaacfcab44141481af3f781b
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  4624 | msedge.exe (2 entries)
  4216 | msedge.exe (2 entries)
  4576 | identity_helper.exe (2 entries)
  2680 | msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid | Process
  4216 | msedge.exe (6 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  4216 | msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  4216 | msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 4216 wrote to memory of 2460 | 4216 | msedge.exe | 82 (2 entries)
  PID 4216 wrote to memory of 4556 | 4216 | msedge.exe | 83 (repeated)
  PID 4216 wrote to memory of 4624 | 4216 | msedge.exe | 84 (2 entries)
  PID 4216 wrote to memory of 3716 | 4216 | msedge.exe | 85 (repeated)
  The 4556 and 3716 rows are repeated many times in the original listing and account for the remaining 60 of the 64 entries.
Processes
- msedge.exe (PID 4216, depth 1)
  Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7f2db17a640ee8477e4742ff3dc95373_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
- msedge.exe (PID 2460, depth 2)
  Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd9d0c46f8,0x7ffd9d0c4708,0x7ffd9d0c4718
- msedge.exe (PID 4556, depth 2)
  Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,16253083789933785160,5205105205616620793,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
- msedge.exe (PID 4624, depth 2)
  Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,16253083789933785160,5205105205616620793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2484 /prefetch:3
  Signatures:
  - Suspicious behavior: EnumeratesProcesses
- msedge.exe (PID 3716, depth 2)
  Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,16253083789933785160,5205105205616620793,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
- msedge.exe (PID 4692, depth 2)
  Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16253083789933785160,5205105205616620793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
- msedge.exe (PID 1984, depth 2)
  Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16253083789933785160,5205105205616620793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
- identity_helper.exe (PID 4148, depth 2)
  Image: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,16253083789933785160,5205105205616620793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
- identity_helper.exe (PID 4576, depth 2)
  Image: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,16253083789933785160,5205105205616620793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
  Signatures:
  - Suspicious behavior: EnumeratesProcesses
- msedge.exe (PID 996, depth 2)
  Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16253083789933785160,5205105205616620793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
- msedge.exe (PID 4088, depth 2)
  Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16253083789933785160,5205105205616620793,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
- msedge.exe (PID 376, depth 2)
  Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16253083789933785160,5205105205616620793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
- msedge.exe (PID 4580, depth 2)
  Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16253083789933785160,5205105205616620793,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
- msedge.exe (PID 2680, depth 2)
  Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,16253083789933785160,5205105205616620793,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2676 /prefetch:2
  Signatures:
  - Suspicious behavior: EnumeratesProcesses
- CompPkgSrv.exe (PID 2920, depth 1)
  Image: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- CompPkgSrv.exe (PID 3476, depth 1)
  Image: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 1ac52e2503cc26baee4322f02f5b8d9c
  SHA1: 38e0cee911f5f2a24888a64780ffdf6fa72207c8
  SHA256: f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4
  SHA512: 7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834
- Filesize: 152B
  MD5: b2a1398f937474c51a48b347387ee36a
  SHA1: 922a8567f09e68a04233e84e5919043034635949
  SHA256: 2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6
  SHA512: 4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c
- Filesize: 5KB
  MD5: e4706f906309f755c131fba4121d2a17
  SHA1: 1644fd20193d4b1cc76e4fe68f0a12aff2047671
  SHA256: 0956c63a94c1a7ea399adf220526e475b65b085874a315e70bbd7cbc218ad43b
  SHA512: 61c6dc99f0ec3d20fbf263fff7b45c259cb1550d8e726e2a8e10eed49a628f7b115d81f99a75fd1d6bcbd2a1620877c8cb4295d6124bd5c2fcedfdcd46b032a3
- Filesize: 6KB
  MD5: dbfd9697d9b171984ca0069fe60ec7c4
  SHA1: 802e002bf6f7245c1ab2cea2749714ec4435a1f3
  SHA256: 971b4c39ac06b9d48fda85e1179d2f805815708ff352d645708ffcd065d91eda
  SHA512: c1807e63e29d7b75de54cc4cddc091a8fbec306fa623032b4b4a0aaa2cd2edc5afe98a6c69df7694b0ca50f837069ace413c77c1c99df25514d9ac302d085cfb
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 10KB
  MD5: 3cc206842ad49d8aa6dbfb1a0aaad3a9
  SHA1: 7a8e844d516d0989c1afed18cf6652b2fd5b40ba
  SHA256: 75f15e47c88f9f86de29c5d75f8de5b3358cb2f17188ad1855c2dbe88ec298a4
  SHA512: 3fa55d6ff62a4552554ba666f57d105f8b9d632a8177d1fd23d7332902f9849552130a0d67f645853ddaba2561051914496bd491503edabbe773cc57fe772406