Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
145s -
max time network
132s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
02/06/2024, 09:49
Static task
static1
Behavioral task
behavioral1
Sample
8da948e57158164bbe6dc866504516fc_JaffaCakes118.html
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
8da948e57158164bbe6dc866504516fc_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
8da948e57158164bbe6dc866504516fc_JaffaCakes118.html
-
Size
460KB
-
MD5
8da948e57158164bbe6dc866504516fc
-
SHA1
93dc4a77463486fc5a16e04d1a9c18dadc22c3d5
-
SHA256
c5e13bdd9d76de548dd2524b9ab309b7391727e6d39f69f2e91f68b39ebb511b
-
SHA512
5873ea45311c8035991c06b517e9e7c618526e5df488f8a08b4d78546c1b2e513b4258fe5f1bccaa7db09c727d5daace2b9556aab7d7ede30a4d959c20c9cc31
-
SSDEEP
6144:SisMYod+X3oI+Y7EsMYod+X3oI+YlsMYod+X3oI+YLsMYod+X3oI+YQ:35d+X35S5d+X3v5d+X315d+X3+
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 876 msedge.exe 876 msedge.exe 2828 msedge.exe 2828 msedge.exe 4260 identity_helper.exe 4260 identity_helper.exe 3692 msedge.exe 3692 msedge.exe 3692 msedge.exe 3692 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
pid Process 2828 msedge.exe 2828 msedge.exe 2828 msedge.exe 2828 msedge.exe 2828 msedge.exe 2828 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 2828 msedge.exe 2828 msedge.exe 2828 msedge.exe 2828 msedge.exe 2828 msedge.exe 2828 msedge.exe 2828 msedge.exe 2828 msedge.exe 2828 msedge.exe 2828 msedge.exe 2828 msedge.exe 2828 msedge.exe 2828 msedge.exe 2828 msedge.exe 2828 msedge.exe 2828 msedge.exe 2828 msedge.exe 2828 msedge.exe 2828 msedge.exe 2828 msedge.exe 2828 msedge.exe 2828 msedge.exe 2828 msedge.exe 2828 msedge.exe 2828 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 2828 msedge.exe 2828 msedge.exe 2828 msedge.exe 2828 msedge.exe 2828 msedge.exe 2828 msedge.exe 2828 msedge.exe 2828 msedge.exe 2828 msedge.exe 2828 msedge.exe 2828 msedge.exe 2828 msedge.exe 2828 msedge.exe 2828 msedge.exe 2828 msedge.exe 2828 msedge.exe 2828 msedge.exe 2828 msedge.exe 2828 msedge.exe 2828 msedge.exe 2828 msedge.exe 2828 msedge.exe 2828 msedge.exe 2828 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2828 wrote to memory of 2004 2828 msedge.exe 83 PID 2828 wrote to memory of 2004 2828 msedge.exe 83 PID 2828 wrote to memory of 1456 2828 msedge.exe 84 PID 2828 wrote to memory of 1456 2828 msedge.exe 84 PID 2828 wrote to memory of 1456 2828 msedge.exe 84 PID 2828 wrote to memory of 1456 2828 msedge.exe 84 PID 2828 wrote to memory of 1456 2828 msedge.exe 84 PID 2828 wrote to memory of 1456 2828 msedge.exe 84 PID 2828 wrote to memory of 1456 2828 msedge.exe 84 PID 2828 wrote to memory of 1456 2828 msedge.exe 84 PID 2828 wrote to memory of 1456 2828 msedge.exe 84 PID 2828 wrote to memory of 1456 2828 msedge.exe 84 PID 2828 wrote to memory of 1456 2828 msedge.exe 84 PID 2828 wrote to memory of 1456 2828 msedge.exe 84 PID 2828 wrote to memory of 1456 2828 msedge.exe 84 PID 2828 wrote to memory of 1456 2828 msedge.exe 84 PID 2828 wrote to memory of 1456 2828 msedge.exe 84 PID 2828 wrote to memory of 1456 2828 msedge.exe 84 PID 2828 wrote to memory of 1456 2828 msedge.exe 84 PID 2828 wrote to memory of 1456 2828 msedge.exe 84 PID 2828 wrote to memory of 1456 2828 msedge.exe 84 PID 2828 wrote to memory of 1456 2828 msedge.exe 84 PID 2828 wrote to memory of 1456 2828 msedge.exe 84 PID 2828 wrote to memory of 1456 2828 msedge.exe 84 PID 2828 wrote to memory of 1456 2828 msedge.exe 84 PID 2828 wrote to memory of 1456 2828 msedge.exe 84 PID 2828 wrote to memory of 1456 2828 msedge.exe 84 PID 2828 wrote to memory of 1456 2828 msedge.exe 84 PID 2828 wrote to memory of 1456 2828 msedge.exe 84 PID 2828 wrote to memory of 1456 2828 msedge.exe 84 PID 2828 wrote to memory of 1456 2828 msedge.exe 84 PID 2828 wrote to memory of 1456 2828 msedge.exe 84 PID 2828 wrote to memory of 1456 2828 msedge.exe 84 PID 2828 wrote to memory of 1456 2828 msedge.exe 84 PID 2828 wrote to memory of 1456 2828 msedge.exe 84 PID 2828 wrote to memory of 1456 2828 msedge.exe 84 PID 2828 wrote to memory of 1456 2828 msedge.exe 84 PID 2828 wrote to memory of 1456 2828 msedge.exe 84 PID 2828 wrote to memory of 1456 2828 msedge.exe 84 PID 2828 wrote to memory of 1456 2828 msedge.exe 84 PID 2828 wrote to memory of 1456 2828 msedge.exe 84 PID 2828 wrote to memory of 1456 2828 msedge.exe 84 PID 2828 wrote to memory of 876 2828 msedge.exe 85 PID 2828 wrote to memory of 876 2828 msedge.exe 85 PID 2828 wrote to memory of 1200 2828 msedge.exe 86 PID 2828 wrote to memory of 1200 2828 msedge.exe 86 PID 2828 wrote to memory of 1200 2828 msedge.exe 86 PID 2828 wrote to memory of 1200 2828 msedge.exe 86 PID 2828 wrote to memory of 1200 2828 msedge.exe 86 PID 2828 wrote to memory of 1200 2828 msedge.exe 86 PID 2828 wrote to memory of 1200 2828 msedge.exe 86 PID 2828 wrote to memory of 1200 2828 msedge.exe 86 PID 2828 wrote to memory of 1200 2828 msedge.exe 86 PID 2828 wrote to memory of 1200 2828 msedge.exe 86 PID 2828 wrote to memory of 1200 2828 msedge.exe 86 PID 2828 wrote to memory of 1200 2828 msedge.exe 86 PID 2828 wrote to memory of 1200 2828 msedge.exe 86 PID 2828 wrote to memory of 1200 2828 msedge.exe 86 PID 2828 wrote to memory of 1200 2828 msedge.exe 86 PID 2828 wrote to memory of 1200 2828 msedge.exe 86 PID 2828 wrote to memory of 1200 2828 msedge.exe 86 PID 2828 wrote to memory of 1200 2828 msedge.exe 86 PID 2828 wrote to memory of 1200 2828 msedge.exe 86 PID 2828 wrote to memory of 1200 2828 msedge.exe 86
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8da948e57158164bbe6dc866504516fc_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2828 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffe8b2046f8,0x7ffe8b204708,0x7ffe8b2047182⤵PID:2004
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,13504717032053130327,17097321263956830603,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:22⤵PID:1456
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,13504717032053130327,17097321263956830603,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:876
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,13504717032053130327,17097321263956830603,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:82⤵PID:1200
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13504717032053130327,17097321263956830603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:12⤵PID:2088
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13504717032053130327,17097321263956830603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:12⤵PID:4028
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,13504717032053130327,17097321263956830603,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:82⤵PID:4168
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,13504717032053130327,17097321263956830603,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4260
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13504717032053130327,17097321263956830603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:12⤵PID:2468
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13504717032053130327,17097321263956830603,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:12⤵PID:5056
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13504717032053130327,17097321263956830603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:12⤵PID:2256
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13504717032053130327,17097321263956830603,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:12⤵PID:5108
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,13504717032053130327,17097321263956830603,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4908 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:3692
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2736
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3272
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5f61fa5143fe872d1d8f1e9f8dc6544f9
SHA1df44bab94d7388fb38c63085ec4db80cfc5eb009
SHA256284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64
SHA512971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6
-
Filesize
152B
MD587f7abeb82600e1e640b843ad50fe0a1
SHA1045bbada3f23fc59941bf7d0210fb160cb78ae87
SHA256b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262
SHA512ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618
-
Filesize
5KB
MD5baf9c3e80947b2bcebcd93c45c21c21d
SHA1a4b44d9cd378241cce05721836b84368283d63fc
SHA25639c040687f142c64243d9617e97fb191a284e2b7a1b278748876d238aad5472a
SHA51205b573b215bc7fbb463e7dc4a367948c6349a9675cae44c84256d48e8443c1253a27b14b7f5e3241e7f0ce2c4d25642181f0fc89cfdbdd5de3bd86318f18cc0c
-
Filesize
6KB
MD5b482a758962b06e5cd40ef18e0e0031f
SHA1df1c0ac558b8118c4ef5fb963160366a2c85a2a3
SHA256f22252e45ecf34ca8b538b6b9823f0ce89c4d796258c13485da8ecd385b34803
SHA5126d434c591e619c44590ad42d6be873ae50f2736d167c38d69b331f6003056a8c5649d49224c25407751ee61c1de44acc1b6a92947ed98677f8add3bfe7d08267
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
11KB
MD59d9f074e6e5d6a301aaab2b12619d33d
SHA1b01b3eec9465651ae78961c9b7556999e790ae02
SHA256a6e598c66fc39253ce2321f2653c4c6e9decc9e6f9892030c28259b4e88503c1
SHA512929498b1d2d5cd3d2aff9a722cee23fc7aa159b6271922fb85a8ed5ebb60f5a48e289ee44892eeb5b3ae1f6a3415f0d1a3fad2426b06dcc2cbcd797aa7561214