Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system -
submitted
31/05/2024, 02:51
Static task
static1
Behavioral task
behavioral1
Sample
85c80a484e0e9757d674c5b164d0037a_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
85c80a484e0e9757d674c5b164d0037a_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
85c80a484e0e9757d674c5b164d0037a_JaffaCakes118.html
-
Size
23KB
-
MD5
85c80a484e0e9757d674c5b164d0037a
-
SHA1
b6d3f062a294ebecd4b650a666a367d9841c75a8
-
SHA256
a8bade0a8af6ac9191544749ba02f36aeb2e7b5f8194d679f36bd2dafcd27a29
-
SHA512
84aa453da63018b78d904213684789ec03a42709e7687a323eb1a36380d7f3bc51b5ce7a74a941a13b05e3af9641853aacb7aff58efd0217cd6a3ee8411ee0cb
-
SSDEEP
192:uWjQb5n+2nQjxn5Q/BnQiecNn24BnQOkEntTPnQTbnBnQiCnQtuwMB8qnYnQ7tnv:bQ/c4jGAf
Malware Config
Signatures
-
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                      process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                       msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer    msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName     msedge.exe
-
Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid    process
  3920   msedge.exe (2 rows)
  4664   msedge.exe (2 rows)
  5088   identity_helper.exe (2 rows)
  4788   msedge.exe (4 rows)
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid    process
  4664   msedge.exe (6 rows)
-
Suspicious use of FindShellTrayWindow (25 IoCs)
  pid    process
  4664   msedge.exe (25 rows)
-
Suspicious use of SendNotifyMessage (24 IoCs)
  pid    process
  4664   msedge.exe (24 rows)
-
Suspicious use of WriteProcessMemory (64 IoCs)
  description                            pid    process      procid_target
  PID 4664 wrote to memory of 1976       4664   msedge.exe   82   (2 rows)
  PID 4664 wrote to memory of 1852       4664   msedge.exe   83
  PID 4664 wrote to memory of 3920       4664   msedge.exe   84   (2 rows)
  PID 4664 wrote to memory of 372        4664   msedge.exe   85
  The remaining 60 rows are repeats of the 1852 and 372 entries. Every writer is the top-level msedge.exe (PID 4664) and every target is one of its own child processes listed in the process tree below.
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4664)
  command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\85c80a484e0e9757d674c5b164d0037a_JaffaCakes118.html
  signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  children:
  - msedge.exe (PID 1976), --type=crashpad-handler
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb6a6b46f8,0x7ffb6a6b4708,0x7ffb6a6b4718
  - msedge.exe (PID 1852), --type=gpu-process
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,12004890933292711319,8285722820250444630,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  - msedge.exe (PID 3920), --type=utility, network.mojom.NetworkService
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,12004890933292711319,8285722820250444630,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
    signatures:
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 372), --type=utility, storage.mojom.StorageService
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,12004890933292711319,8285722820250444630,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  - msedge.exe (PID 3696), --type=renderer
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12004890933292711319,8285722820250444630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  - msedge.exe (PID 4160), --type=renderer
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12004890933292711319,8285722820250444630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  - identity_helper.exe (PID 3272), --type=utility, winrt_app_id.mojom.WinrtAppIdService
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,12004890933292711319,8285722820250444630,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1300 /prefetch:8
  - identity_helper.exe (PID 5088), --type=utility, winrt_app_id.mojom.WinrtAppIdService
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,12004890933292711319,8285722820250444630,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1300 /prefetch:8
    signatures:
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 116), --type=renderer
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12004890933292711319,8285722820250444630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  - msedge.exe (PID 884), --type=renderer, --instant-process
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12004890933292711319,8285722820250444630,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  - msedge.exe (PID 2444), --type=renderer
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12004890933292711319,8285722820250444630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1
  - msedge.exe (PID 3244), --type=renderer, --instant-process
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12004890933292711319,8285722820250444630,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  - msedge.exe (PID 4788), --type=gpu-process (second GPU process, --disable-gpu-sandbox --use-gl=disabled)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,12004890933292711319,8285722820250444630,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4988 /prefetch:2
    signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 2344)
  command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 5076)
  command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
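Reading the WriteProcessMemory signature against the process tree: every row has the top-level msedge.exe (PID 4664) as the writer and one of its own freshly spawned children (1976, 1852, 3920, 372) as the target. A Chromium-based browser writes into each child it creates while setting up that child's sandbox and IPC handles, so parent-into-child writes at process start are the browser's normal spawning pattern, not injection into a foreign process; the NtCreateUserProcessBlockNonMicrosoftBinary hit is the matching signer-restriction mitigation the browser enables on those children. The script below is an added example, not part of the tria.ge report, that makes this check mechanical. It parses rows in the report's flattened format (the sample rows are constructed to mirror the table above; one extra hypothetical row, a write into CompPkgSrv.exe, does not occur in the report and is included only to show what a cross-tree write looks like to the classifier), compares each write against a parent/child map transcribed by hand from the tree, and reports "needs_review" only when a target is not a direct child of its writer.

```python
"""Triage helper for a sandbox 'Suspicious use of WriteProcessMemory' table.

Added example (not code from tria.ge). Splits writes a parent makes into a
child it spawned (browser start-up pattern) from writes into any other
process, which is what cross-process injection looks like.
"""
import re
from collections import Counter

# Constructed sample rows in the report's flattened format. PIDs, images and
# target ids match the report; only a handful of the 64 repeats are kept.
REPORT_ROWS = """\
PID 4664 wrote to memory of 1976 4664 msedge.exe 82
PID 4664 wrote to memory of 1976 4664 msedge.exe 82
PID 4664 wrote to memory of 1852 4664 msedge.exe 83
PID 4664 wrote to memory of 1852 4664 msedge.exe 83
PID 4664 wrote to memory of 3920 4664 msedge.exe 84
PID 4664 wrote to memory of 372 4664 msedge.exe 85
"""

# HYPOTHETICAL row that is NOT in the report: the browser writing into
# CompPkgSrv.exe, a process outside its own tree. Used only to show the
# cross-process verdict.
HYPOTHETICAL_INJECTION_ROW = "PID 4664 wrote to memory of 2344 4664 msedge.exe 99\n"

# pid -> (parent pid or None, image), transcribed from the Processes tree:
# 4664 is the browser process, the depth-2 entries are its children, and
# CompPkgSrv.exe is a separate top-level process.
PROCESS_TREE = {
    4664: (None, "msedge.exe"),
    1976: (4664, "msedge.exe"),   # crashpad-handler
    1852: (4664, "msedge.exe"),   # gpu-process
    3920: (4664, "msedge.exe"),   # network service
    372:  (4664, "msedge.exe"),   # storage service
    2344: (None, "CompPkgSrv.exe"),
}

# description | pid | Process | procid_target, as the report flattens them.
ROW_RE = re.compile(
    r"PID (?P<writer>\d+) wrote to memory of (?P<target>\d+) "
    r"(?P<pid>\d+) (?P<image>\S+) (?P<target_procid>\d+)"
)


def parse_rows(text):
    """Parse flattened rows into (writer_pid, target_pid, writer_image)."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.fullmatch(line.strip())
        if not m:
            continue  # header fragments or mangled rows are skipped, not guessed
        rows.append((int(m["writer"]), int(m["target"]), m["image"]))
    return rows


def classify(writer, target, tree):
    """Label one write by the writer/target relationship in the tree."""
    if target not in tree:
        return "unknown_target"
    parent, _image = tree[target]
    return "parent_to_child" if parent == writer else "cross_process"


def summarise(text, tree):
    """Collapse the repeated rows into counts per (writer, target, image, label)."""
    counts = Counter()
    for writer, target, image in parse_rows(text):
        counts[(writer, target, image, classify(writer, target, tree))] += 1
    return counts


def verdict(counts):
    """'browser_spawn_only' when every write is parent->child, else 'needs_review'."""
    labels = {key[3] for key in counts}
    return "browser_spawn_only" if labels <= {"parent_to_child"} else "needs_review"


if __name__ == "__main__":
    for sample in (REPORT_ROWS, REPORT_ROWS + HYPOTHETICAL_INJECTION_ROW):
        counts = summarise(sample, PROCESS_TREE)
        for (writer, target, image, label), n in sorted(counts.items()):
            print(f"{image} {writer} -> {target}: {label} (x{n})")
        print("verdict:", verdict(counts))
        print()
```

The parent map is the part that has to be trusted: it comes from the sandbox's own process tree, so a sample that spoofs its parent PID (for example via PROC_THREAD_ATTRIBUTE_PARENT_PROCESS) would still show up under the spoofed parent here. For that reason treat "browser_spawn_only" as a reason to deprioritise the signature, not as proof of benign behaviour, and keep the "Enumerates system info in registry" BIOS reads in the same bucket: the same SystemManufacturer/SystemProductName lookups serve both VM-detection code and ordinary browser hardware telemetry, and only the process doing them and what it does next tells the two apart.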
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize  152B
MD5       2daa93382bba07cbc40af372d30ec576
SHA1      c5e709dc3e2e4df2ff841fbde3e30170e7428a94
SHA256    1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30
SHA512    65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b
-
Filesize  152B
MD5       ecdc2754d7d2ae862272153aa9b9ca6e
SHA1      c19bed1c6e1c998b9fa93298639ad7961339147d
SHA256    a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7
SHA512    cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2
-
Filesize  6KB
MD5       7d7ddeb4f11a7e9a3f8b7e158f72616c
SHA1      ba0d239fd2fbd36e23db3d8ef66eda09f490984a
SHA256    fd78fdbc950fd460006355b170919fde1a3371753116783489e00fc9d83f49cc
SHA512    d497acf59f65a3e67e0c08bdfd78ddcaf511963bb3687d0d8d6241c18480e77a7b1d577e8b58a415bc6c016fa0f06f52bdde369beb441681dad14348d070897d
-
Filesize  5KB
MD5       7de301dd210c133f26e821d497ddf4a9
SHA1      2bd503d88c99cd3f5e3a362ac368612f9932f9b2
SHA256    a9bca02580cfc9e9a39969fdf7b70f14ca01a982a863fd335e85192af6270813
SHA512    1eb0ffd5ba945acadcacd97a4a34b3eea9c984295728b2cfb04be7fb490cfbde769264b69be2aa358011e979bafd6b79447896d467f5b7a05f9da1bee7f9ea74
-
Filesize  6KB
MD5       a0756ce4be468200493ecfd73f5865ea
SHA1      06b2429aaed051a13ebd3108d6f2f28fa9871935
SHA256    ae3c50d46d0ca2bd4b9f5ae0cdb78778b24c733010d04393139d566717224bb3
SHA512    cb2b342620c94f3f429bca95d271cbaf459db49e590ea7c305bb9e26d742bcce8e517e46e8e07de072766faec38c93a0fa1d2d4e7687f51f3380c2c0c86a488b
-
Filesize  16B
MD5       6752a1d65b201c13b62ea44016eb221f
SHA1      58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256    0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512    9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize  10KB
MD5       56187961e5de45534e251755a6a2f2ca
SHA1      8305d407ccb808ea8d1809e07b7853383715c140
SHA256    b418e5e1ebf49f7029a5e74e3b835a5477a289edbe2e9dcb83719eefdcb9a1db
SHA512    b2536f03d7968923b6fc1afc42dff9d7875ebc980ba57aac71a11250d9fc0cbbebfd7a27ef98f789bf811bb7dda283b7c391987e608852d0baeaa2e3a17ef192