Analysis
- max time kernel: 145s
- max time network: 138s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 03/06/2024, 11:27

Static task: static1

Behavioral task: behavioral1
- Sample: 919cbbeea69be7138a7b7974a5db529f_JaffaCakes118.html
- Resource: win7-20240508-en

Behavioral task: behavioral2
- Sample: 919cbbeea69be7138a7b7974a5db529f_JaffaCakes118.html
- Resource: win10v2004-20240426-en
General
- Target: 919cbbeea69be7138a7b7974a5db529f_JaffaCakes118.html
- Size: 70KB
- MD5: 919cbbeea69be7138a7b7974a5db529f
- SHA1: 7183a162a801a2c6204d3ad369023f0a12a82985
- SHA256: 23e5246faaad04ad3c429b4cc6706275fd0b37116f06f6815db4b4252b307e51
- SHA512: 535c0fb9842e31ff0b5a9394274ec485090d89c87dceea35d369d8bc1444d5a4d33ecdcd5c9557bb15632f4ee0aafb4485789cb96f537f816c2b8b2fbef898dc
- SSDEEP: 1536:cm60IePSLIOR6vIdp9iyIou6qiIFMC3QC9AI+C7Y+aI6SaQIFRQe07g3+/I3hCVW:ER0LaQeqg3
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  4608 | msedge.exe (x2)
  812 | msedge.exe (x2)
  5104 | identity_helper.exe (x2)
  884 | msedge.exe (x4)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid | Process
  812 | msedge.exe (x6)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  812 | msedge.exe (x25)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  812 | msedge.exe (x24)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 812 wrote to memory of 4792 | 812 | msedge.exe | 82 (x2)
  PID 812 wrote to memory of 748 | 812 | msedge.exe | 83 (x40)
  PID 812 wrote to memory of 4608 | 812 | msedge.exe | 84 (x2)
  PID 812 wrote to memory of 2020 | 812 | msedge.exe | 85 (x20)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 812)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\919cbbeea69be7138a7b7974a5db529f_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4792)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffddd8146f8,0x7ffddd814708,0x7ffddd814718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 748)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,12384247840555843653,18084661846445600037,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4608)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,12384247840555843653,18084661846445600037,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2020)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,12384247840555843653,18084661846445600037,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2588)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12384247840555843653,18084661846445600037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1292)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12384247840555843653,18084661846445600037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 904)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,12384247840555843653,18084661846445600037,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 5104)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,12384247840555843653,18084661846445600037,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4060)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12384247840555843653,18084661846445600037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4436)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12384247840555843653,18084661846445600037,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1148)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12384247840555843653,18084661846445600037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3484)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12384247840555843653,18084661846445600037,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 884)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,12384247840555843653,18084661846445600037,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1056 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 4280)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 5108)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 2daa93382bba07cbc40af372d30ec576
  SHA1: c5e709dc3e2e4df2ff841fbde3e30170e7428a94
  SHA256: 1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30
  SHA512: 65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b
- Filesize: 152B
  MD5: ecdc2754d7d2ae862272153aa9b9ca6e
  SHA1: c19bed1c6e1c998b9fa93298639ad7961339147d
  SHA256: a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7
  SHA512: cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2
- Filesize: 184B
  MD5: 3ad3b29d15a22733f3769ad8fc581711
  SHA1: 8eb01710ed31dd116b5dc8989a8a10be15d261bf
  SHA256: c94ed4d97e740be0158b34b37b272f1e89d7e45bd7ad5b8614995573d133bbb0
  SHA512: 7bf2084f7738101ed04d60b8340174e38d3ca6609ec553d496db857f3a3ed1f5f9a967347993b7ee17a780c2edbb3896ee2a465b2fc3b0e293bcb5a2b35653fc
- Filesize: 473B
  MD5: 9a9b0de752534c9a3606301749ad73cd
  SHA1: 436cb8fa9b44a4eeaad600f83273f1641aedfba5
  SHA256: cc8d749d99a43f5ff709515f59c077feaada2e1d190251fc85b3b0bf7de5c05b
  SHA512: 7b9c1f8e7d5caf685c708fdbb4f25f057f296c31a13ace0face575181794f2d26aec8b48dd6c0d09d980fa31b9060c25cb17b12d37dbb917fd84b93be39bad48
- Filesize: 6KB
  MD5: 297e1d4307ee5a5de9d503651fd2829c
  SHA1: 4a71931f8d47fc8535e35288c9f22f912f564e15
  SHA256: 810cf7ec8514ea18630c8d63b9095026e4207dd347c1f0bcbcaf60c4d7fc4893
  SHA512: ca55494b15345df89be96ed2b557a55e8c0b87b211ebedae3b93118395c9c3adbd60b6df5b684430ca37c34b1946d2f19cd03da121c5526f30cd23912f77f2b5
- Filesize: 5KB
  MD5: 477cd62a01d0aeb4528f2576ea0445c7
  SHA1: e60c3cdf961c3b69b4e8b470dd0ecd4bcafe9fcf
  SHA256: e4b01cb82f2d5ba2950261cc0373bb15a48a085196b221601241705406d3b124
  SHA512: 877eba583d7726f8efbed491b722e5f33134dec48dd387dd471475723935410e1e2895f4f465abf01a7e559c47c810b619719df613724b8575c4d32b972c28c3
- Filesize: 6KB
  MD5: fea5d7063cf8334f20cb1d009f55bcf3
  SHA1: c70d088d9a0e44d4421d871552855b48184713e6
  SHA256: 18c689b43debfff84ba8cf4c8a7933876246ed8db09ad60a0f18e0f5484d4cd7
  SHA512: ba01f82ea5b792713b63fbe1774b3a1e6bb47bb89ec5b8de6f62c43e9f8973ea61536b683bb3a348a412baba7274615552be48a8577fb18dfe762065342874c5
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 10KB
  MD5: 68ba19c86c256386306204bd62b3e04b
  SHA1: 1aabbaf4907e9fece0a8353f6d6591ec3c535dca
  SHA256: 98e355478325c1935dca9aad6e4117c4c29d2ec6a57b15234c440a45096aa66b
  SHA512: 1cf9b601e89c2d21c70d72fd4eff27282877eeb42e4ee60ea6d1db57beda9e226e8f8ca6ba309ee0c0d6321ab441fa309509fe855e38bdc1e8c0eb06d6f46516