Analysis
- max time kernel: 145s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 01/06/2024, 20:52
Static task: static1

Behavioral task: behavioral1
- Sample: 8bbe3a757aa04d870591a5120a5f3b66_JaffaCakes118.html
- Resource: win7-20240221-en

Behavioral task: behavioral2
- Sample: 8bbe3a757aa04d870591a5120a5f3b66_JaffaCakes118.html
- Resource: win10v2004-20240426-en
General
- Target: 8bbe3a757aa04d870591a5120a5f3b66_JaffaCakes118.html
- Size: 26KB
- MD5: 8bbe3a757aa04d870591a5120a5f3b66
- SHA1: 56a0ebd38cf6485b200de885852771224a6cbf6d
- SHA256: 463620ae3c0d1ef862598544376a8f1df2b235239e015d9e54d2fa2b0dc8e76d
- SHA512: 305ea31686ea9ee96bebb25bc718a0da3b3f80dddac865fe927684f3a73997bfdc3b44ab2ca7938b331a13b39474629eecfc187fded76e1341e34feb7f41f927
- SSDEEP: 192:134rol4cb5n/nQjLntQ/mRnQieenxnQOkrnt0RpnQTbnQnQ3kRo7Stbo+EwrkvMN:1oro+7Q/kW6Dz
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description       ioc                                                                        Process
  Key opened        \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                         msedge.exe
  Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer      msedge.exe
  Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName       msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  3936  msedge.exe
  3936  msedge.exe
  4104  msedge.exe
  4104  msedge.exe
  3496  identity_helper.exe
  3496  identity_helper.exe
  2832  msedge.exe
  2832  msedge.exe
  2832  msedge.exe
  2832  msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process
  4104  msedge.exe
  4104  msedge.exe
  4104  msedge.exe
  4104  msedge.exe
  4104  msedge.exe
  4104  msedge.exe
- Suspicious use of FindShellTrayWindow (25 IoCs, all from pid 4104 msedge.exe)
- Suspicious use of SendNotifyMessage (24 IoCs, all from pid 4104 msedge.exe)
- Suspicious use of WriteProcessMemory (64 IoCs; pid 4104 msedge.exe wrote to the memory of its child processes)
Processes

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8bbe3a757aa04d870591a5120a5f3b66_JaffaCakes118.html
  PID: 4104
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb2e0646f8,0x7ffb2e064708,0x7ffb2e064718
    PID: 3952

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,17841678565520064484,12947856434774301786,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
    PID: 5008

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,17841678565520064484,12947856434774301786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 /prefetch:3
    PID: 3936
    - Suspicious behavior: EnumeratesProcesses

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,17841678565520064484,12947856434774301786,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
    PID: 1716

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17841678565520064484,12947856434774301786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
    PID: 856

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17841678565520064484,12947856434774301786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
    PID: 4432

  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,17841678565520064484,12947856434774301786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6100 /prefetch:8
    PID: 3612

  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,17841678565520064484,12947856434774301786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6100 /prefetch:8
    PID: 3496
    - Suspicious behavior: EnumeratesProcesses

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17841678565520064484,12947856434774301786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
    PID: 3400

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17841678565520064484,12947856434774301786,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
    PID: 3888

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17841678565520064484,12947856434774301786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
    PID: 1892

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17841678565520064484,12947856434774301786,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
    PID: 2316

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,17841678565520064484,12947856434774301786,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5928 /prefetch:2
    PID: 2832
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4892

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1912
Network
MITRE ATT&CK Enterprise v15
Downloads