Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 148s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system
submitted: 29/05/2024, 16:12
Static task: static1
Behavioral task: behavioral1
  Sample: 814df8f157598d38ecd80fe0dcd4307c_JaffaCakes118.html
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 814df8f157598d38ecd80fe0dcd4307c_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
Target: 814df8f157598d38ecd80fe0dcd4307c_JaffaCakes118.html
Size: 41KB
MD5: 814df8f157598d38ecd80fe0dcd4307c
SHA1: 40f1ca77fd93b4aa9699bef18a91aa2d8a2f23e3
SHA256: 8ce55fed65c0180626d32b81f472ef611bfa038b40373026030b6899377ddd9e
SHA512: 0c29d4aab119dd37bd3de34f2b781736a6dea8f98314e0cfe48134b34b11b3a23732284ea3b8fe914c4ea52c7870681e728055ed77f9fe2ae1ee522f65d5e720
SSDEEP: 768:F2bjIx/bmIgsDvqfe6qWq/8Uqe65a/pJItbLZPlmVgQXkVgQJ4lVgQtvqTFVgQRr:F2bjIx/bmIgsDseA7e658a9LZP0VgQXw
Malware Config
Signatures
(identical rows are collapsed; the count in parentheses is how many times the row appears in the report)

- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe

- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  3324 | msedge.exe (x2)
  684 | msedge.exe (x2)
  1720 | identity_helper.exe (x2)
  4484 | msedge.exe (x4)

- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid | Process
  684 | msedge.exe (x6)

- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  684 | msedge.exe (x25)

- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  684 | msedge.exe (x24)

- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 684 wrote to memory of 1620 | 684 | msedge.exe | 82 (x2)
  PID 684 wrote to memory of 2536 | 684 | msedge.exe | 83 (x40)
  PID 684 wrote to memory of 3324 | 684 | msedge.exe | 84 (x2)
  PID 684 wrote to memory of 2920 | 684 | msedge.exe | 85 (x20)
Processes
(one entry per process: image path, PID, full command line, matched signatures; child processes are indented under their parent)

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 684)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\814df8f157598d38ecd80fe0dcd4307c_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1620)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffafda846f8,0x7ffafda84708,0x7ffafda84718

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2536)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,11558171787941451629,6660638161763501030,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3324)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,11558171787941451629,6660638161763501030,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2568 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2920)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,11558171787941451629,6660638161763501030,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 388)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11558171787941451629,6660638161763501030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1272)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11558171787941451629,6660638161763501030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2996)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,11558171787941451629,6660638161763501030,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5892 /prefetch:8

  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1720)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,11558171787941451629,6660638161763501030,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5892 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1964)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11558171787941451629,6660638161763501030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3552)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11558171787941451629,6660638161763501030,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4844)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11558171787941451629,6660638161763501030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 536)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11558171787941451629,6660638161763501030,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4484)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,11558171787941451629,6660638161763501030,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1308 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

- C:\Windows\System32\CompPkgSrv.exe (PID 2176)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

- C:\Windows\System32\CompPkgSrv.exe (PID 4344)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 152B
  MD5: 4f7152bc5a1a715ef481e37d1c791959
  SHA1: c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7
  SHA256: 704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc
  SHA512: 2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

- Filesize: 152B
  MD5: ea98e583ad99df195d29aa066204ab56
  SHA1: f89398664af0179641aa0138b337097b617cb2db
  SHA256: a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6
  SHA512: e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

- Filesize: 393B
  MD5: 602994e7e36f99b7bc7d29154096376b
  SHA1: f63bb9602bdcdbf8358b4ccc6e78ce30be4232b1
  SHA256: 48407d1870b150f70df5cad9c831e6cd76fd650c1b29539859da33cbd1edee73
  SHA512: 2887bc19d871b4fad11111620bcd6d1697b335c3492a8d8e5396a6c404fd2fcb8ba788ec7d2fff72dea72a49d86b886c2f25ed0c8d1ddaeb608738060502f85f

- Filesize: 5KB
  MD5: f5a1a48549e8dce8989686424e407208
  SHA1: e57295876a2df48258d6128a4915d5d23adec90a
  SHA256: 17211ac129632ad6d375da587053b364ca3fbee4e783f562ec0c50da9a9c6f6c
  SHA512: e085fd3ef3f73befeb5b53259a35d60b2eb09da36deae1d3aff3d74cb8d5f60dd92e6d2ec676c2db1c60453fe6b2d213bc83ba2449f4433a6d19b8306493c351

- Filesize: 6KB
  MD5: 51e76b0c737be15c34a10c527bd1b123
  SHA1: 37774a8ba0db1da9ab706136a3f9bd7a4162f45d
  SHA256: b5b073ae79ed4ab4cbcbc02300be2e32562558fabd2b3e2c7e1f95f0817f8fed
  SHA512: 88499d196ef977e31d25d4c0fd07c457fd7ef2a40f1d81dabbf8e838cc47b02deb7c56697acf83fa687983b1334ef5c01bfae2dc46bfeefc262234e7ed43778e

- Filesize: 6KB
  MD5: 0a16062e63b30bb68fe29729fd2c9763
  SHA1: 1c1ffa141d49de050c2c59d53bcd0987a4404ed8
  SHA256: f833a6f69f285958ab3afab3b53936f215466f734e984582fcfeada63c535570
  SHA512: 04ac6e33525274ba9267ec180a393e13fd9640641aca371a0369bf66465f442b3271ba41a4bd7b763ceeac91236158ec4d075515a312c93a2be4b715a7958593

- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

- Filesize: 10KB
  MD5: c27a98294f43a00bef04dc2170c761cb
  SHA1: bd9220ab600bc452d3d98acec2cac59302594396
  SHA256: 3e6bd6d2ba1ff4ef7ba3d2ad5ec91b763c358160dd39a4091f0262f87426f96b
  SHA512: 3de65bfed68a6432eaf78909c9cd32e3703a83ba88ee1b8b9efc14395a13e8580a0d242a2712ad3f9d0ebe8b99d2dc40d25e942a32f846cbeb38effcd70c9512