Analysis
max time kernel: 145s
max time network: 126s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 04/06/2024, 07:47
Static task: static1
Behavioral task: behavioral1
  Sample: 940bc7f6fe5977ec25af2339b8c9d95d_JaffaCakes118.html
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: 940bc7f6fe5977ec25af2339b8c9d95d_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
Target: 940bc7f6fe5977ec25af2339b8c9d95d_JaffaCakes118.html
Size: 27KB
MD5: 940bc7f6fe5977ec25af2339b8c9d95d
SHA1: 703097c69ea98843e77e31c9886ade945b181aef
SHA256: 3fbc5bf9e13d33a5ff041bf9d765fea853ef2e4cf6ac56d5bab639310d7d903d
SHA512: da3c36c77ae7e84305cc60921bd216e540a32689bf6841bcab8c4d9e409426f63b0829eb8eaf6bbff6cb68486415097087683dbea343e69d671242eddbfde508
SSDEEP: 192:uwz4b5npOnQjxn5Q/snQie3NnmnQOkEntoynQTbnxnQ9enXm6lXBPQl7MBXqnYnl:YQ/4+JFBOShV
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                  Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  2796  msedge.exe
  2796  msedge.exe
  4464  msedge.exe
  4464  msedge.exe
  1100  identity_helper.exe
  1100  identity_helper.exe
  3776  msedge.exe
  3776  msedge.exe
  3776  msedge.exe
  3776  msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process
  4464  msedge.exe  (6 identical rows)

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  4464  msedge.exe  (25 identical rows)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  4464  msedge.exe  (24 identical rows)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                         pid   Process     procid_target
  PID 4464 wrote to memory of 4592    4464  msedge.exe  82   (2 identical rows)
  PID 4464 wrote to memory of 4172    4464  msedge.exe  84   (40 identical rows)
  PID 4464 wrote to memory of 2796    4464  msedge.exe  85   (2 identical rows)
  PID 4464 wrote to memory of 436     4464  msedge.exe  86   (20 identical rows)
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\940bc7f6fe5977ec25af2339b8c9d95d_JaffaCakes118.html
  PID: 4464
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8426246f8,0x7ff842624708,0x7ff842624718
    PID: 4592

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,8474868550389543552,3430089932960502005,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
    PID: 4172

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,8474868550389543552,3430089932960502005,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
    PID: 2796
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,8474868550389543552,3430089932960502005,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
    PID: 436

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,8474868550389543552,3430089932960502005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
    PID: 1972

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,8474868550389543552,3430089932960502005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
    PID: 4408

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,8474868550389543552,3430089932960502005,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4460 /prefetch:8
    PID: 5100

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,8474868550389543552,3430089932960502005,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4460 /prefetch:8
    PID: 1100
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,8474868550389543552,3430089932960502005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
    PID: 4868

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,8474868550389543552,3430089932960502005,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
    PID: 2580

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,8474868550389543552,3430089932960502005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
    PID: 1072

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,8474868550389543552,3430089932960502005,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
    PID: 4864

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,8474868550389543552,3430089932960502005,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5888 /prefetch:2
    PID: 3776
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1920

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4440
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 152B
MD5: ae54e9db2e89f2c54da8cc0bfcbd26bd
SHA1: a88af6c673609ecbc51a1a60dfbc8577830d2b5d
SHA256: 5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af
SHA512: e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Filesize: 152B
MD5: f53207a5ca2ef5c7e976cbb3cb26d870
SHA1: 49a8cc44f53da77bb3dfb36fc7676ed54675db43
SHA256: 19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23
SHA512: be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Filesize: 5KB
MD5: 72d3e76705e3ccb6fb2ab056ccfefd18
SHA1: 02d296174e2b258d7124c5a911a8475789bfcd78
SHA256: 735cb50b0daa5f9d3a387c59bd1157a98c119aed19b977603a2d7a3166b7e5e7
SHA512: 6fd71fa1f62b6d78ab4fd446ffd858e6c2a958aa898f1372782af389a5c289aeca8c2a97f01db9392221b184316615b76e965b45a23685392af45862bc87b65a

Filesize: 6KB
MD5: 344adeeba79ac0e11e8019dc11f9ce3c
SHA1: f92c8c4f5305667e517465fe7aea5147d19f2458
SHA256: d262e65b542ef89af49ab189277c206fc54373f816a084be6ce577d93d684a84
SHA512: b2814db20c683bab27e00758ecd3259916cadead6135f088f649bf2adb2f0925e5aa4735cb4fae77862c767bdd43f71c7b97701f5058961d8c0903239c0f848e

Filesize: 6KB
MD5: 4098cae0bf28f7f7d2052dc1becd6189
SHA1: 53878bf0ec15d5a1e473108323cdf16c2d1693cb
SHA256: a8fc9d1ca1b750ec9c22156ea10b27495b8f81a60c6bb91a8e8e3f602c7d8478
SHA512: e27971bd7628b08c37c378b8bcdabf9b53f8ed3ff606432bc64682b0ca7c34d78e2f0e9c567bda88f31f9ac16f944feb7f8fdef7e75fbd42022b145bfd4c0c3f

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 10KB
MD5: d07a013beda56cd653bb42cb3f6af3b0
SHA1: f266db953e5a5f2912755a795458443af8e1a61a
SHA256: 1aeee74ba149c1bab7c7d3ff0d489d8ecc8bd0656cb0c79d46ffce143a77c039
SHA512: 82cb9c4d5924eec9a66e82d7c524bdc784fff6ad3c475d8d1d51a9aa4ee8c0ce631681c8aa1c6adeda4274a1d2116040ba8edda336c299553a54ddc88689b188