Analysis
max time kernel: 145s
max time network: 141s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 30/05/2024, 00:09
Static task: static1
Behavioral task: behavioral1
  Sample: 8274b6498857ad1b437c3d813bdd0473_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 8274b6498857ad1b437c3d813bdd0473_JaffaCakes118.html
  Resource: win10v2004-20240426-en
The signatures, process tree and downloads below are from behavioral2 (win10v2004-20240426-en, the platform named in the Analysis block); the win7 run is not shown on this page.
General
Target: 8274b6498857ad1b437c3d813bdd0473_JaffaCakes118.html
Size: 24KB
MD5: 8274b6498857ad1b437c3d813bdd0473
SHA1: f7cd41020b1d2e5342c30bd08016b11728423650
SHA256: 3926131c2ed7968e0449300c28991a967d46105a9c6a57f7a309a7ad46c3b901
SHA512: a7ccb8c46fafc785df468ca70bef20c3232b468f0b8b81dbb6a26150dc3e2ad077e5e476bbfc16077659e575d348b8bac349dfc64ff3499ec0a8dae61e33da84
SSDEEP: 384:59fn9lM+VCRF0kQWUaqAmwrH7Gl7fYEwFM:DfL3VCn0HWUa/mUCh7
Malware Config
Signatures
-
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid | Process | count
4812 | msedge.exe | x2
1336 | msedge.exe | x2
3184 | identity_helper.exe | x2
1904 | msedge.exe | x4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid | Process | count
1336 | msedge.exe | x6

Suspicious use of FindShellTrayWindow (25 IoCs)
pid | Process | count
1336 | msedge.exe | x25

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process | count
1336 | msedge.exe | x24

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target | count
PID 1336 wrote to memory of 3316 | 1336 | msedge.exe | 85 | x2
PID 1336 wrote to memory of 5096 | 1336 | msedge.exe | 88 | x40
PID 1336 wrote to memory of 4812 | 1336 | msedge.exe | 89 | x2
PID 1336 wrote to memory of 4472 | 1336 | msedge.exe | 90 | x20
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1336)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8274b6498857ad1b437c3d813bdd0473_JaffaCakes118.html
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3316)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb324046f8,0x7ffb32404708,0x7ffb32404718
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5096)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,3656115372670763540,16847728189636615592,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4812)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,3656115372670763540,16847728189636615592,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
        - Suspicious behavior: EnumeratesProcesses
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4472)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,3656115372670763540,16847728189636615592,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2880)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3656115372670763540,16847728189636615592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3912)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3656115372670763540,16847728189636615592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1300)
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,3656115372670763540,16847728189636615592,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3184)
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,3656115372670763540,16847728189636615592,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
        - Suspicious behavior: EnumeratesProcesses
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4784)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3656115372670763540,16847728189636615592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2104)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3656115372670763540,16847728189636615592,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4688)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3656115372670763540,16847728189636615592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4064)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3656115372670763540,16847728189636615592,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1904)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,3656115372670763540,16847728189636615592,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4808 /prefetch:2
        - Suspicious behavior: EnumeratesProcesses
C:\Windows\System32\CompPkgSrv.exe (PID 4164)
    C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe (PID 456)
    C:\Windows\System32\CompPkgSrv.exe -Embedding
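Two things in this report deserve a second look before anyone calls the HTML malicious. First, every WriteProcessMemory IoC goes from the msedge.exe browser process (PID 1336) to one of its own children: the crashpad handler (3316), the GPU process (5096), the network service (4812) and the storage service (4472). A Chromium broker writes into the processes it launches as part of normal startup, so the signature fires on a benign browser exactly as it would on an injector; what separates the two cases is whether the target is the writer's child. Second, several children carry flags that weaken or remove their sandbox (--service-sandbox-type=none on the network service and identity_helper.exe, --no-v8-untrusted-code-mitigations on every renderer, --disable-gpu-sandbox --use-gl=disabled on the second GPU process, the software fallback commonly seen in VMs without a usable GPU). Those are how this Edge build launches its own helpers; they describe the attack surface a page would have had, not anything the sample did. The Python helper below is an added example (not part of the tria.ge report and not Edge code) that applies both checks to the report's data. PROCESS_TREE and WRITE_IOCS are constructed from the process tree and the WriteProcessMemory rows above (command lines abbreviated to the flags inspected); the explorer.exe entry with PID 7777 and the write to it are hypothetical and exist only to show what a cross-process write would look like.

```python
"""Triage helper: classify tria.ge WriteProcessMemory IoCs by parent/child
relation and list sandbox-weakening flags in a Chromium process tree.
Added example; not part of the tria.ge report or of Microsoft Edge."""
import re
from collections import Counter

# Constructed from the report's process tree: (pid, parent pid, command line).
# Depth-2 processes are children of msedge.exe PID 1336; CompPkgSrv.exe is
# top-level. Command lines are cut down to the flags this example inspects.
PROCESS_TREE = [
    (1336, None, "msedge.exe --single-argument 8274b6498857ad1b437c3d813bdd0473_JaffaCakes118.html"),
    (3316, 1336, "msedge.exe --type=crashpad-handler"),
    (5096, 1336, "msedge.exe --type=gpu-process"),
    (4812, 1336, "msedge.exe --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none"),
    (4472, 1336, "msedge.exe --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility"),
    (2880, 1336, "msedge.exe --type=renderer --no-v8-untrusted-code-mitigations"),
    (3184, 1336, "identity_helper.exe --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none"),
    (1904, 1336, "msedge.exe --type=gpu-process --disable-gpu-sandbox --use-gl=disabled"),
    (4164, None, "CompPkgSrv.exe -Embedding"),
    # Hypothetical process, NOT in the report: exercises the negative case only.
    (7777, None, "explorer.exe"),
]

# Constructed from the report's "Suspicious use of WriteProcessMemory" rows,
# in tria.ge's column order: description, pid, Process, procid_target.
# The 7777 row is hypothetical and NOT in the report.
WRITE_IOCS = """\
PID 1336 wrote to memory of 3316 1336 msedge.exe 85
PID 1336 wrote to memory of 3316 1336 msedge.exe 85
PID 1336 wrote to memory of 5096 1336 msedge.exe 88
PID 1336 wrote to memory of 4812 1336 msedge.exe 89
PID 1336 wrote to memory of 4472 1336 msedge.exe 90
PID 1336 wrote to memory of 7777 1336 msedge.exe 99
"""

IOC_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)$")

# Flags that remove or weaken the sandbox of a Chromium child process.
SANDBOX_FLAGS = {
    "--service-sandbox-type=none": "utility process launched without a sandbox",
    "--disable-gpu-sandbox": "GPU process sandbox disabled",
    "--no-v8-untrusted-code-mitigations": "V8 untrusted-code (Spectre) mitigations off",
}


def parse_write_iocs(text):
    """Return {(writer_pid, target_pid): count} from tria.ge IoC rows."""
    counts = Counter()
    for line in text.splitlines():
        m = IOC_RE.match(line.strip())
        if m:
            counts[(int(m.group(1)), int(m.group(2)))] += 1
    return counts


def classify_writes(tree, ioc_text):
    """Label each writer->target pair: expected broker write, or cross-process."""
    parent_of = {pid: ppid for pid, ppid, _ in tree}
    verdicts = {}
    for (writer, target), n in parse_write_iocs(ioc_text).items():
        if target not in parent_of:
            verdict = "target not in process tree"
        elif parent_of[target] == writer:
            verdict = "parent->child (expected for a browser broker)"
        else:
            verdict = "cross-process write: investigate"
        verdicts[(writer, target)] = (n, verdict)
    return verdicts


def sandbox_findings(tree):
    """Return {pid: [notes]} for processes carrying sandbox-weakening flags."""
    findings = {}
    for pid, _, cmd in tree:
        notes = [note for flag, note in SANDBOX_FLAGS.items() if flag in cmd.split()]
        if notes:
            findings[pid] = notes
    return findings


if __name__ == "__main__":
    for (w, t), (n, v) in sorted(classify_writes(PROCESS_TREE, WRITE_IOCS).items()):
        print(f"{w} -> {t} x{n}: {v}")
    for pid, notes in sorted(sandbox_findings(PROCESS_TREE).items()):
        print(f"PID {pid}: " + "; ".join(notes))
```

Run against the real rows, every pair comes back as parent->child; only the hypothetical 7777 row is flagged. The flag check is matched on whole tokens (cmd.split()) so that a substring such as --service-sandbox-type=utility is not mistaken for =none.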
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 152B
  MD5: 4f7152bc5a1a715ef481e37d1c791959
  SHA1: c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7
  SHA256: 704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc
  SHA512: 2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c
Filesize: 152B
  MD5: ea98e583ad99df195d29aa066204ab56
  SHA1: f89398664af0179641aa0138b337097b617cb2db
  SHA256: a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6
  SHA512: e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f
Filesize: 5KB
  MD5: 90219c362e2af03eb892c64682fcdb7c
  SHA1: 3e140d3baec96bf0846391b5b69dabb24de032e4
  SHA256: 876d8a8a9b966e7462fd3f1628be4ed8d5e5236a0ee7c41735b8cce62f5557a6
  SHA512: 6d1b709d2e75e5dded427769f31e55c2be246d5037aae58487a4eed6ee619ecbe0ab5b0dfa850fe31b7694ed468752f48d08754e2b7b5ae75ec2417113cb7d9a
Filesize: 6KB
  MD5: 7c4a048c40bf5cd7a8b2167d010b173a
  SHA1: 9e06e2f67f0fc1a4de4842990bc79c2ca361c8ff
  SHA256: 1e2d3808dad636162538c449715a0c836f4d9aa2f3d550c813ec17b8f9fef7d2
  SHA512: b27df75fb2f8c8fde0b9647d89c11f3a589de6ea255ab13d4afdd6a093a4e215393403797543984408b0ab94dd245f7861f0b96bdd4978194746004012e8f0f9
Filesize: 6KB
  MD5: c26a48175d76ab26b769388c7a2a3647
  SHA1: cd386c6030b0d39e01e9bc2016cbe0b2427782bc
  SHA256: d9938e563cf67b7617497b11ac8cde0c0380d4df92fdbdb2d02110d685293328
  SHA512: 9e8dbe87af6d1bc0058829abe7c1f01b1ade50413475c36b51c229feca1608fae2bcdf517d0526f9f3f3974b93b85d9758c816c92e6eb13542df0c83b58628df
Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
Filesize: 10KB
  MD5: 95a054eba6fa2d3b38ae636ebf35edc9
  SHA1: f40457e8bb74b49fcb48f4929ff4564c37230cf5
  SHA256: ac8b048e1075255e9dd8b97f82bfb1b6e2f910465e920dae4894e54ec84ca6ab
  SHA512: 87a8c15a124b6bd7ee3e3cf0676081751caa5349323a532d73df16bc80f399a6cb761d1c269637395e92cae144065774303a253e3d3f6c51d011cbd06697f1c7