Analysis
max time kernel: 145s
max time network: 138s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 31/05/2024, 17:48
Static task
static1
Behavioral task
behavioral1
Sample
87cfdee29abd3dbf8f021760a624db2f_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
87cfdee29abd3dbf8f021760a624db2f_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
Target: 87cfdee29abd3dbf8f021760a624db2f_JaffaCakes118.html
Size: 38KB
MD5: 87cfdee29abd3dbf8f021760a624db2f
SHA1: 1d1815a93d7c002053f1653124b685dca8608662
SHA256: f8c8cce5a65748fa374968c02aac2feeb9663c3d788957ae804732359b740fc0
SHA512: 7e8848a3c2220b70835fb8328317b559ce8923c4bb83150af9bbdeaac026c7a1d8d922af388f93e9ae26aa268108127389d1505fc07842cb1cba5a9926b6a6f7
SSDEEP: 768:RG/U9+FoqFj+u/BAJMpPzAOti5XpFgfXlgfMyUDA1SI2mz:RuU9yoqFjzAJiritm2MyUDA1SI2mz
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  4048 | msedge.exe
  4048 | msedge.exe
  1764 | msedge.exe
  1764 | msedge.exe
  1888 | identity_helper.exe
  1888 | identity_helper.exe
  4240 | msedge.exe
  4240 | msedge.exe
  4240 | msedge.exe
  4240 | msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid | Process
  1764 | msedge.exe
  1764 | msedge.exe
  1764 | msedge.exe
  1764 | msedge.exe
  1764 | msedge.exe
  1764 | msedge.exe
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  1764 | msedge.exe
  1764 | msedge.exe
  1764 | msedge.exe
  1764 | msedge.exe
  1764 | msedge.exe
  1764 | msedge.exe
  1764 | msedge.exe
  1764 | msedge.exe
  1764 | msedge.exe
  1764 | msedge.exe
  1764 | msedge.exe
  1764 | msedge.exe
  1764 | msedge.exe
  1764 | msedge.exe
  1764 | msedge.exe
  1764 | msedge.exe
  1764 | msedge.exe
  1764 | msedge.exe
  1764 | msedge.exe
  1764 | msedge.exe
  1764 | msedge.exe
  1764 | msedge.exe
  1764 | msedge.exe
  1764 | msedge.exe
  1764 | msedge.exe
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  1764 | msedge.exe
  1764 | msedge.exe
  1764 | msedge.exe
  1764 | msedge.exe
  1764 | msedge.exe
  1764 | msedge.exe
  1764 | msedge.exe
  1764 | msedge.exe
  1764 | msedge.exe
  1764 | msedge.exe
  1764 | msedge.exe
  1764 | msedge.exe
  1764 | msedge.exe
  1764 | msedge.exe
  1764 | msedge.exe
  1764 | msedge.exe
  1764 | msedge.exe
  1764 | msedge.exe
  1764 | msedge.exe
  1764 | msedge.exe
  1764 | msedge.exe
  1764 | msedge.exe
  1764 | msedge.exe
  1764 | msedge.exe
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 1764 wrote to memory of 1076 | 1764 | msedge.exe | 82
  PID 1764 wrote to memory of 1076 | 1764 | msedge.exe | 82
  PID 1764 wrote to memory of 4636 | 1764 | msedge.exe | 83
  PID 1764 wrote to memory of 4636 | 1764 | msedge.exe | 83
  PID 1764 wrote to memory of 4636 | 1764 | msedge.exe | 83
  PID 1764 wrote to memory of 4636 | 1764 | msedge.exe | 83
  PID 1764 wrote to memory of 4636 | 1764 | msedge.exe | 83
  PID 1764 wrote to memory of 4636 | 1764 | msedge.exe | 83
  PID 1764 wrote to memory of 4636 | 1764 | msedge.exe | 83
  PID 1764 wrote to memory of 4636 | 1764 | msedge.exe | 83
  PID 1764 wrote to memory of 4636 | 1764 | msedge.exe | 83
  PID 1764 wrote to memory of 4636 | 1764 | msedge.exe | 83
  PID 1764 wrote to memory of 4636 | 1764 | msedge.exe | 83
  PID 1764 wrote to memory of 4636 | 1764 | msedge.exe | 83
  PID 1764 wrote to memory of 4636 | 1764 | msedge.exe | 83
  PID 1764 wrote to memory of 4636 | 1764 | msedge.exe | 83
  PID 1764 wrote to memory of 4636 | 1764 | msedge.exe | 83
  PID 1764 wrote to memory of 4636 | 1764 | msedge.exe | 83
  PID 1764 wrote to memory of 4636 | 1764 | msedge.exe | 83
  PID 1764 wrote to memory of 4636 | 1764 | msedge.exe | 83
  PID 1764 wrote to memory of 4636 | 1764 | msedge.exe | 83
  PID 1764 wrote to memory of 4636 | 1764 | msedge.exe | 83
  PID 1764 wrote to memory of 4636 | 1764 | msedge.exe | 83
  PID 1764 wrote to memory of 4636 | 1764 | msedge.exe | 83
  PID 1764 wrote to memory of 4636 | 1764 | msedge.exe | 83
  PID 1764 wrote to memory of 4636 | 1764 | msedge.exe | 83
  PID 1764 wrote to memory of 4636 | 1764 | msedge.exe | 83
  PID 1764 wrote to memory of 4636 | 1764 | msedge.exe | 83
  PID 1764 wrote to memory of 4636 | 1764 | msedge.exe | 83
  PID 1764 wrote to memory of 4636 | 1764 | msedge.exe | 83
  PID 1764 wrote to memory of 4636 | 1764 | msedge.exe | 83
  PID 1764 wrote to memory of 4636 | 1764 | msedge.exe | 83
  PID 1764 wrote to memory of 4636 | 1764 | msedge.exe | 83
  PID 1764 wrote to memory of 4636 | 1764 | msedge.exe | 83
  PID 1764 wrote to memory of 4636 | 1764 | msedge.exe | 83
  PID 1764 wrote to memory of 4636 | 1764 | msedge.exe | 83
  PID 1764 wrote to memory of 4636 | 1764 | msedge.exe | 83
  PID 1764 wrote to memory of 4636 | 1764 | msedge.exe | 83
  PID 1764 wrote to memory of 4636 | 1764 | msedge.exe | 83
  PID 1764 wrote to memory of 4636 | 1764 | msedge.exe | 83
  PID 1764 wrote to memory of 4636 | 1764 | msedge.exe | 83
  PID 1764 wrote to memory of 4636 | 1764 | msedge.exe | 83
  PID 1764 wrote to memory of 4048 | 1764 | msedge.exe | 84
  PID 1764 wrote to memory of 4048 | 1764 | msedge.exe | 84
  PID 1764 wrote to memory of 5068 | 1764 | msedge.exe | 85
  PID 1764 wrote to memory of 5068 | 1764 | msedge.exe | 85
  PID 1764 wrote to memory of 5068 | 1764 | msedge.exe | 85
  PID 1764 wrote to memory of 5068 | 1764 | msedge.exe | 85
  PID 1764 wrote to memory of 5068 | 1764 | msedge.exe | 85
  PID 1764 wrote to memory of 5068 | 1764 | msedge.exe | 85
  PID 1764 wrote to memory of 5068 | 1764 | msedge.exe | 85
  PID 1764 wrote to memory of 5068 | 1764 | msedge.exe | 85
  PID 1764 wrote to memory of 5068 | 1764 | msedge.exe | 85
  PID 1764 wrote to memory of 5068 | 1764 | msedge.exe | 85
  PID 1764 wrote to memory of 5068 | 1764 | msedge.exe | 85
  PID 1764 wrote to memory of 5068 | 1764 | msedge.exe | 85
  PID 1764 wrote to memory of 5068 | 1764 | msedge.exe | 85
  PID 1764 wrote to memory of 5068 | 1764 | msedge.exe | 85
  PID 1764 wrote to memory of 5068 | 1764 | msedge.exe | 85
  PID 1764 wrote to memory of 5068 | 1764 | msedge.exe | 85
  PID 1764 wrote to memory of 5068 | 1764 | msedge.exe | 85
  PID 1764 wrote to memory of 5068 | 1764 | msedge.exe | 85
  PID 1764 wrote to memory of 5068 | 1764 | msedge.exe | 85
  PID 1764 wrote to memory of 5068 | 1764 | msedge.exe | 85
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1764)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\87cfdee29abd3dbf8f021760a624db2f_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1076)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffed0d246f8,0x7ffed0d24708,0x7ffed0d24718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4636)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,5870722872501726564,374794146379016804,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4048)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,5870722872501726564,374794146379016804,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5068)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,5870722872501726564,374794146379016804,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2528)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,5870722872501726564,374794146379016804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4956)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,5870722872501726564,374794146379016804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3896)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,5870722872501726564,374794146379016804,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1888)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,5870722872501726564,374794146379016804,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5080)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,5870722872501726564,374794146379016804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4536)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,5870722872501726564,374794146379016804,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5108)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,5870722872501726564,374794146379016804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3644)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,5870722872501726564,374794146379016804,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4240)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,5870722872501726564,374794146379016804,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1880 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 4852)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 3672)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads