Analysis
- max time kernel: 145s
- max time network: 126s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 31/05/2024, 13:49
Static task: static1
Behavioral task: behavioral1
- Sample: 87375323942d670dd4eb2623bcb14a55_JaffaCakes118.html
- Resource: win7-20240215-en
Behavioral task: behavioral2
- Sample: 87375323942d670dd4eb2623bcb14a55_JaffaCakes118.html
- Resource: win10v2004-20240426-en
General
- Target: 87375323942d670dd4eb2623bcb14a55_JaffaCakes118.html
- Size: 27KB
- MD5: 87375323942d670dd4eb2623bcb14a55
- SHA1: e290cc6a6ca015ee74e08e0de5f8ff5aff9a722f
- SHA256: 5c09657aa3a45253152360d55610ea9619bf58e2d09ab5af413c83c911d2a4fa
- SHA512: 58977c0ca10d73037e330eead2675ac5d1419190b1ccb6aa2e7a107ae5f936f39ef9c4309d3fb3f5db5ae3d060bc8f4bf6bc425f3ef3ecf1ba152a98256088b5
- SSDEEP: 192:uwTUb5n2unQjxn5Q/pnQiecNnVpnQOkEntvLnQTbnRnQ9eSQm60NABqe7GQl7MB4:7Q/r1PIyABqe7RSWxD
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  2676 | msedge.exe (2 entries)
  1112 | msedge.exe (2 entries)
  4596 | identity_helper.exe (2 entries)
  4844 | msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid | Process
  1112 | msedge.exe (6 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  1112 | msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  1112 | msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 1112 wrote to memory of 3844 | 1112 | msedge.exe | 81
  PID 1112 wrote to memory of 2788 | 1112 | msedge.exe | 82
  PID 1112 wrote to memory of 2676 | 1112 | msedge.exe | 83
  PID 1112 wrote to memory of 3816 | 1112 | msedge.exe | 84
  (64 entries in total, all from PID 1112 msedge.exe; each row above is repeated once per recorded write to that target)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1112)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\87375323942d670dd4eb2623bcb14a55_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3844)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffd9d0c46f8,0x7ffd9d0c4708,0x7ffd9d0c4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2788)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,6692786072882099244,9944776473449044312,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2676)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,6692786072882099244,9944776473449044312,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3816)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,6692786072882099244,9944776473449044312,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2856)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,6692786072882099244,9944776473449044312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2532)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,6692786072882099244,9944776473449044312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 220)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,6692786072882099244,9944776473449044312,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3220 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4596)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,6692786072882099244,9944776473449044312,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3220 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 996)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,6692786072882099244,9944776473449044312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3348)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,6692786072882099244,9944776473449044312,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4460)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,6692786072882099244,9944776473449044312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1116)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,6692786072882099244,9944776473449044312,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4844)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,6692786072882099244,9944776473449044312,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1828 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 4744)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 4704)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 1ac52e2503cc26baee4322f02f5b8d9c
  SHA1: 38e0cee911f5f2a24888a64780ffdf6fa72207c8
  SHA256: f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4
  SHA512: 7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834
- Filesize: 152B
  MD5: b2a1398f937474c51a48b347387ee36a
  SHA1: 922a8567f09e68a04233e84e5919043034635949
  SHA256: 2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6
  SHA512: 4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c
- Filesize: 5KB
  MD5: 34aad4e828050fc678944d3bbe378869
  SHA1: 739058a4f5cb775a7e0584ace5950a23721e77ec
  SHA256: f4998b998656d64f5743bb2577bb4323fb5675b1856b6eacd1c3cc61da5c3e7a
  SHA512: c825a03bf47f4476cda1d6a19e161b55a8561af1af44f75553448951a1109607e94846ff82b013e440b230802558cb1f3529e4220f1d298a049ff840b416d10c
- Filesize: 6KB
  MD5: 69e8c14bf6a0f813832469b56bb52daf
  SHA1: ec979da578178f3931f84412f826898e1b2db5db
  SHA256: 1438bba56608a5a205cc90dc25350ba35a7ae4f924af342fc82893a324b4cbb4
  SHA512: 929575085fe26106cc1d40e6366a901516d4ed1a9d455afd49af492c7274103127ce79a6b156f756682f4b0ce0fe3c2a79d775cdb070ddc715c57bce352dcee0
- Filesize: 6KB
  MD5: 0f89e869bb161e547eb2266a67580bfa
  SHA1: 468a342bfe111b82c28cb18b0592f9df07493f2e
  SHA256: fb0588dc97d28d409f97191e603b1d4ac9e152341101f5461b89d9d10e35fa91
  SHA512: 3b2121b8e3353c4ffa2399fb90b1e720fea7f1a0232e1f1aa280a9ecf224d1a1946e40570764e5c889b91a4d21c754775249eb874bea6a8adb2d118e94fba6df
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 10KB
  MD5: 918cb0271a1e2b2e72a5cb8cd70551fa
  SHA1: 3ec702f35b03de387531b46828c596397d1980e7
  SHA256: 7622553a5085fb60e3b052905c0902ec15056376ad93804129cff84172fcc162
  SHA512: cf407eb097921bf0a48937328640bf5e11264a9580518eee8812ff32c2876b7e38c44345f57e186406b15c2670a98058cbd2cba075636c3b53a50530e1e8ff6f