Analysis
- max time kernel: 145s
- max time network: 128s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 31/05/2024, 08:14
Tasks
- Static task: static1
- Behavioral task: behavioral1
  Sample: 865904553c0ecfd68bdc44bca2f8fe58_JaffaCakes118.html
  Resource: win7-20240221-en
- Behavioral task: behavioral2
  Sample: 865904553c0ecfd68bdc44bca2f8fe58_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
- Target: 865904553c0ecfd68bdc44bca2f8fe58_JaffaCakes118.html
- Size: 22KB
- MD5: 865904553c0ecfd68bdc44bca2f8fe58
- SHA1: f70795200db3aee2026a5b035a14b5b1c7edf596
- SHA256: b65bb7f9dbb83ff763041ea337a25f9e9f13765004e81f3f8b624f0c4985f4cb
- SHA512: 8d4c51e0d311e53baf25992de936af63ffeb4b934d93d8d1fa0ff905e0f519771b482cba4c2add9233acd149b1c124341e81885dd6150e76864f3173a059599f
- SSDEEP: 192:uwflb5ngYVnQjxn5Q/jnQieqNnTnQOkEnt9tnQTbntnQ6v06J4RnQNjMBKqnYnQy:t+Q/Cv06k4iiz
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description / ioc / Process:
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid / Process: 5036 msedge.exe (x2), 4400 msedge.exe (x2), 2240 identity_helper.exe (x2), 3304 msedge.exe (x4)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid / Process: 4400 msedge.exe (x6)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid / Process: 4400 msedge.exe (x25)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid / Process: 4400 msedge.exe (x24)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description / pid / Process / procid_target (identical rows collapsed with a count):
  PID 4400 (msedge.exe) wrote to memory of 4036, procid_target 83 (x2)
  PID 4400 (msedge.exe) wrote to memory of 2860, procid_target 84 (x40)
  PID 4400 (msedge.exe) wrote to memory of 5036, procid_target 85 (x2)
  PID 4400 (msedge.exe) wrote to memory of 2632, procid_target 86 (x20)
Processes
- msedge.exe (PID 4400), depth 1
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\865904553c0ecfd68bdc44bca2f8fe58_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - msedge.exe (PID 4036), depth 2
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9053046f8,0x7ff905304708,0x7ff905304718
  - msedge.exe (PID 2860), depth 2
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,3253587282036120422,6795734680615965521,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  - msedge.exe (PID 5036), depth 2
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,3253587282036120422,6795734680615965521,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 2632), depth 2
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,3253587282036120422,6795734680615965521,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  - msedge.exe (PID 2180), depth 2
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3253587282036120422,6795734680615965521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  - msedge.exe (PID 1904), depth 2
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3253587282036120422,6795734680615965521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  - identity_helper.exe (PID 1148), depth 2
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,3253587282036120422,6795734680615965521,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
  - identity_helper.exe (PID 2240), depth 2
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,3253587282036120422,6795734680615965521,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 2072), depth 2
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3253587282036120422,6795734680615965521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  - msedge.exe (PID 4584), depth 2
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3253587282036120422,6795734680615965521,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  - msedge.exe (PID 3648), depth 2
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3253587282036120422,6795734680615965521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  - msedge.exe (PID 768), depth 2
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3253587282036120422,6795734680615965521,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  - msedge.exe (PID 3304), depth 2
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,3253587282036120422,6795734680615965521,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- CompPkgSrv.exe (PID 3096), depth 1
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- CompPkgSrv.exe (PID 4768), depth 1
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Downloads