Analysis
max time kernel: 145s
max time network: 138s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03/06/2024, 03:12
Static task: static1
Behavioral task: behavioral1
  Sample: 905bc7afbd0cf3f14a85906b6e25a35e_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 905bc7afbd0cf3f14a85906b6e25a35e_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 905bc7afbd0cf3f14a85906b6e25a35e_JaffaCakes118.html
Size: 68KB
MD5: 905bc7afbd0cf3f14a85906b6e25a35e
SHA1: d4b643ed8096d9694b2cec1f14be7ef35ef8099c
SHA256: e031dbedebc9977c15e1ee2d65d2c4a08f5b8a28dd4eaa6ddaaa739110b58b61
SHA512: acce5abb40c8f5965f082903d6807566c3e8d8e6dd3e82abbcaea9f823d70ec8d97727402d41e210c7485757b6a82fc8dfe5c7c9b2db60271937ca41f0c49188
SSDEEP: 1536:UWRZ+ycJI5qEjT79tyYu0gKrpUwO+Py79tDYXOIOII:UWRz1l7908Ha79xYy
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid | Process
4312 | msedge.exe
4312 | msedge.exe
776 | msedge.exe
776 | msedge.exe
2324 | identity_helper.exe
2324 | identity_helper.exe
4248 | msedge.exe
4248 | msedge.exe
4248 | msedge.exe
4248 | msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid | Process
776 | msedge.exe
776 | msedge.exe
776 | msedge.exe
776 | msedge.exe
776 | msedge.exe
776 | msedge.exe

Suspicious use of FindShellTrayWindow (25 IoCs)
pid | Process
776 | msedge.exe
776 | msedge.exe
776 | msedge.exe
776 | msedge.exe
776 | msedge.exe
776 | msedge.exe
776 | msedge.exe
776 | msedge.exe
776 | msedge.exe
776 | msedge.exe
776 | msedge.exe
776 | msedge.exe
776 | msedge.exe
776 | msedge.exe
776 | msedge.exe
776 | msedge.exe
776 | msedge.exe
776 | msedge.exe
776 | msedge.exe
776 | msedge.exe
776 | msedge.exe
776 | msedge.exe
776 | msedge.exe
776 | msedge.exe
776 | msedge.exe

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
776 | msedge.exe
776 | msedge.exe
776 | msedge.exe
776 | msedge.exe
776 | msedge.exe
776 | msedge.exe
776 | msedge.exe
776 | msedge.exe
776 | msedge.exe
776 | msedge.exe
776 | msedge.exe
776 | msedge.exe
776 | msedge.exe
776 | msedge.exe
776 | msedge.exe
776 | msedge.exe
776 | msedge.exe
776 | msedge.exe
776 | msedge.exe
776 | msedge.exe
776 | msedge.exe
776 | msedge.exe
776 | msedge.exe
776 | msedge.exe

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 776 wrote to memory of 1340 | 776 | msedge.exe | 82
PID 776 wrote to memory of 1340 | 776 | msedge.exe | 82
PID 776 wrote to memory of 3220 | 776 | msedge.exe | 83
PID 776 wrote to memory of 3220 | 776 | msedge.exe | 83
PID 776 wrote to memory of 3220 | 776 | msedge.exe | 83
PID 776 wrote to memory of 3220 | 776 | msedge.exe | 83
PID 776 wrote to memory of 3220 | 776 | msedge.exe | 83
PID 776 wrote to memory of 3220 | 776 | msedge.exe | 83
PID 776 wrote to memory of 3220 | 776 | msedge.exe | 83
PID 776 wrote to memory of 3220 | 776 | msedge.exe | 83
PID 776 wrote to memory of 3220 | 776 | msedge.exe | 83
PID 776 wrote to memory of 3220 | 776 | msedge.exe | 83
PID 776 wrote to memory of 3220 | 776 | msedge.exe | 83
PID 776 wrote to memory of 3220 | 776 | msedge.exe | 83
PID 776 wrote to memory of 3220 | 776 | msedge.exe | 83
PID 776 wrote to memory of 3220 | 776 | msedge.exe | 83
PID 776 wrote to memory of 3220 | 776 | msedge.exe | 83
PID 776 wrote to memory of 3220 | 776 | msedge.exe | 83
PID 776 wrote to memory of 3220 | 776 | msedge.exe | 83
PID 776 wrote to memory of 3220 | 776 | msedge.exe | 83
PID 776 wrote to memory of 3220 | 776 | msedge.exe | 83
PID 776 wrote to memory of 3220 | 776 | msedge.exe | 83
PID 776 wrote to memory of 3220 | 776 | msedge.exe | 83
PID 776 wrote to memory of 3220 | 776 | msedge.exe | 83
PID 776 wrote to memory of 3220 | 776 | msedge.exe | 83
PID 776 wrote to memory of 3220 | 776 | msedge.exe | 83
PID 776 wrote to memory of 3220 | 776 | msedge.exe | 83
PID 776 wrote to memory of 3220 | 776 | msedge.exe | 83
PID 776 wrote to memory of 3220 | 776 | msedge.exe | 83
PID 776 wrote to memory of 3220 | 776 | msedge.exe | 83
PID 776 wrote to memory of 3220 | 776 | msedge.exe | 83
PID 776 wrote to memory of 3220 | 776 | msedge.exe | 83
PID 776 wrote to memory of 3220 | 776 | msedge.exe | 83
PID 776 wrote to memory of 3220 | 776 | msedge.exe | 83
PID 776 wrote to memory of 3220 | 776 | msedge.exe | 83
PID 776 wrote to memory of 3220 | 776 | msedge.exe | 83
PID 776 wrote to memory of 3220 | 776 | msedge.exe | 83
PID 776 wrote to memory of 3220 | 776 | msedge.exe | 83
PID 776 wrote to memory of 3220 | 776 | msedge.exe | 83
PID 776 wrote to memory of 3220 | 776 | msedge.exe | 83
PID 776 wrote to memory of 3220 | 776 | msedge.exe | 83
PID 776 wrote to memory of 3220 | 776 | msedge.exe | 83
PID 776 wrote to memory of 4312 | 776 | msedge.exe | 84
PID 776 wrote to memory of 4312 | 776 | msedge.exe | 84
PID 776 wrote to memory of 4812 | 776 | msedge.exe | 85
PID 776 wrote to memory of 4812 | 776 | msedge.exe | 85
PID 776 wrote to memory of 4812 | 776 | msedge.exe | 85
PID 776 wrote to memory of 4812 | 776 | msedge.exe | 85
PID 776 wrote to memory of 4812 | 776 | msedge.exe | 85
PID 776 wrote to memory of 4812 | 776 | msedge.exe | 85
PID 776 wrote to memory of 4812 | 776 | msedge.exe | 85
PID 776 wrote to memory of 4812 | 776 | msedge.exe | 85
PID 776 wrote to memory of 4812 | 776 | msedge.exe | 85
PID 776 wrote to memory of 4812 | 776 | msedge.exe | 85
PID 776 wrote to memory of 4812 | 776 | msedge.exe | 85
PID 776 wrote to memory of 4812 | 776 | msedge.exe | 85
PID 776 wrote to memory of 4812 | 776 | msedge.exe | 85
PID 776 wrote to memory of 4812 | 776 | msedge.exe | 85
PID 776 wrote to memory of 4812 | 776 | msedge.exe | 85
PID 776 wrote to memory of 4812 | 776 | msedge.exe | 85
PID 776 wrote to memory of 4812 | 776 | msedge.exe | 85
PID 776 wrote to memory of 4812 | 776 | msedge.exe | 85
PID 776 wrote to memory of 4812 | 776 | msedge.exe | 85
PID 776 wrote to memory of 4812 | 776 | msedge.exe | 85
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 776)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\905bc7afbd0cf3f14a85906b6e25a35e_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1340)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc074f46f8,0x7ffc074f4708,0x7ffc074f4718

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3220)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,13546600424929136013,16282568021621195255,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4312)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,13546600424929136013,16282568021621195255,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4812)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,13546600424929136013,16282568021621195255,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4788)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13546600424929136013,16282568021621195255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 432)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13546600424929136013,16282568021621195255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2812)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,13546600424929136013,16282568021621195255,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 /prefetch:8

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2324)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,13546600424929136013,16282568021621195255,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3596)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13546600424929136013,16282568021621195255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2240 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2908)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13546600424929136013,16282568021621195255,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3104)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13546600424929136013,16282568021621195255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4144)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13546600424929136013,16282568021621195255,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4248)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,13546600424929136013,16282568021621195255,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4856 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe (PID 4600)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 3192)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads