Analysis
max time kernel: 149s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 10/06/2024, 15:44
Static task: static1
Behavioral task: behavioral1
  Sample: 9b331340bc99ae1909d8ce2e72c54908_JaffaCakes118.html
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 9b331340bc99ae1909d8ce2e72c54908_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
Target: 9b331340bc99ae1909d8ce2e72c54908_JaffaCakes118.html
Size: 30KB
MD5: 9b331340bc99ae1909d8ce2e72c54908
SHA1: 19c384029df4fe0363c9a653338a5fdc1bedd36a
SHA256: 759210c6ea3186a0f8e5951af72197443ae4c4837a5a0445a8f51c9da378cef4
SHA512: 456e58ef4dea9063426ad27eaaf79f0e5f8d5933d72478346075be2256e37a449903c4d6013ad250e51e8589726720ab3e6df5f154d18379ba217faa097f64fa
SSDEEP: 192:uWf0b5n4xnQjxn5Q//nQieONnXnQOkEnt1VnQTbnJnQPMCmAFDn253gbiYxYJ/de:UQ/bo5Q9xYpyQ3ZbD4Oi
Malware Config
Signatures
Every IoC in this section is attributed to the Edge process tree that was launched to render the sample (PID 5016 and its children); no process outside that tree appears in any signature.

Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                    Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid   Process              occurrences
2372  msedge.exe           2
5016  msedge.exe           2
3512  identity_helper.exe  2
3932  msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid   Process     occurrences
5016  msedge.exe  6

Suspicious use of FindShellTrayWindow (25 IoCs)
pid   Process     occurrences
5016  msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
pid   Process     occurrences
5016  msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs)
The report lists 64 rows, each of the form "PID <src> wrote to memory of <dst>", with the same source/target pair repeated many times. Collapsed to distinct pairs:
description                          pid   Process     procid_target
PID 5016 wrote to memory of 2548     5016  msedge.exe  80
PID 5016 wrote to memory of 8        5016  msedge.exe  81
PID 5016 wrote to memory of 2372     5016  msedge.exe  82
PID 5016 wrote to memory of 1676     5016  msedge.exe  83
All four targets are child processes of PID 5016 in the process tree below (the crashpad handler, the first GPU process, the network-service utility and the storage-service utility).
Processes
(indentation shows parent/child relationship; command lines are as recorded by the sandbox)

PID 5016  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9b331340bc99ae1909d8ce2e72c54908_JaffaCakes118.html
  signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  PID 2548  msedge.exe (crashpad-handler)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb55f646f8,0x7ffb55f64708,0x7ffb55f64718

  PID 8  msedge.exe (gpu-process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,10871878746610702201,13286188024358969978,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2

  PID 2372  msedge.exe (utility: network.mojom.NetworkService, --service-sandbox-type=none)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,10871878746610702201,13286188024358969978,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
    signatures: Suspicious behavior: EnumeratesProcesses

  PID 1676  msedge.exe (utility: storage.mojom.StorageService, --service-sandbox-type=utility)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,10871878746610702201,13286188024358969978,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8

  PID 4644  msedge.exe (renderer, client id 6)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10871878746610702201,13286188024358969978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

  PID 4860  msedge.exe (renderer, client id 5)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10871878746610702201,13286188024358969978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

  PID 4732  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (utility: winrt_app_id.mojom.WinrtAppIdService, --service-sandbox-type=none)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,10871878746610702201,13286188024358969978,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2536 /prefetch:8

  PID 3512  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (utility: winrt_app_id.mojom.WinrtAppIdService, --service-sandbox-type=none; same command line as PID 4732)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,10871878746610702201,13286188024358969978,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2536 /prefetch:8
    signatures: Suspicious behavior: EnumeratesProcesses

  PID 4232  msedge.exe (renderer, client id 8)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10871878746610702201,13286188024358969978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1168 /prefetch:1

  PID 3440  msedge.exe (renderer, --instant-process, client id 9)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10871878746610702201,13286188024358969978,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1

  PID 2404  msedge.exe (renderer, client id 10)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10871878746610702201,13286188024358969978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1

  PID 1588  msedge.exe (renderer, --instant-process, client id 11)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10871878746610702201,13286188024358969978,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1

  PID 3932  msedge.exe (gpu-process, --disable-gpu-sandbox --use-gl=disabled)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,10871878746610702201,13286188024358969978,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5032 /prefetch:2
    signatures: Suspicious behavior: EnumeratesProcesses

PID 1324  C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 4224  C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
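The signatures above all name PID 5016 and its children, which is how a Chromium-based browser normally behaves: the browser process writes into each freshly spawned child before letting it run, reads the hardware keys, and enumerates its own helpers. What an analyst actually wants from a report like this is the residue after that browser-internal noise is removed. The script below is an added example, not part of the Triage report or of any Triage tooling. It rebuilds the process tree from the page (the parent/child relationships follow the report's indentation, and command lines are trimmed to the flags that matter), parses rows in the flattened "PID <src> wrote to memory of <dst>" form the page shows, reports any write whose target is not a direct child of the writer, and lists processes whose command line says they run without a sandbox. One WriteProcessMemory row targeting PID 1324 is constructed here to show what a real finding looks like; the report itself contains no such row.

```python
"""Added example: triage the WriteProcessMemory and sandbox data of a browser run.

Not part of the Triage report. PROCESSES is transcribed from the report's process
tree (flags trimmed); WPM_ROWS repeats a few of the report's rows plus ONE
constructed row (target 1324) that the report does not contain.
"""
import re
from collections import Counter

# (pid, parent_pid, image, selected command-line flags). Top-level processes
# have no parent in the report and get None.
PROCESSES = [
    (5016, None, "msedge.exe", "--single-argument <sample>.html"),
    (2548, 5016, "msedge.exe", "--type=crashpad-handler"),
    (8,    5016, "msedge.exe", "--type=gpu-process"),
    (2372, 5016, "msedge.exe", "--type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none"),
    (1676, 5016, "msedge.exe", "--type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility"),
    (4644, 5016, "msedge.exe", "--type=renderer --renderer-client-id=6"),
    (4860, 5016, "msedge.exe", "--type=renderer --renderer-client-id=5"),
    (4732, 5016, "identity_helper.exe", "--type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none"),
    (3512, 5016, "identity_helper.exe", "--type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none"),
    (4232, 5016, "msedge.exe", "--type=renderer --renderer-client-id=8"),
    (3440, 5016, "msedge.exe", "--type=renderer --instant-process --renderer-client-id=9"),
    (2404, 5016, "msedge.exe", "--type=renderer --renderer-client-id=10"),
    (1588, 5016, "msedge.exe", "--type=renderer --instant-process --renderer-client-id=11"),
    (3932, 5016, "msedge.exe", "--type=gpu-process --disable-gpu-sandbox --use-gl=disabled"),
    (1324, None, "CompPkgSrv.exe", "-Embedding"),
    (4224, None, "CompPkgSrv.exe", "-Embedding"),
]

# Flattened IoC text exactly as the report renders it:
# "PID <src> wrote to memory of <dst> <src> <image> <procid_target>"
WPM_ROWS = (
    "PID 5016 wrote to memory of 2548 5016 msedge.exe 80 "
    "PID 5016 wrote to memory of 8 5016 msedge.exe 81 "
    "PID 5016 wrote to memory of 8 5016 msedge.exe 81 "
    "PID 5016 wrote to memory of 2372 5016 msedge.exe 82 "
    "PID 5016 wrote to memory of 1676 5016 msedge.exe 83 "
    # CONSTRUCTED row, not in the report: a write into a non-child process.
    "PID 5016 wrote to memory of 1324 5016 msedge.exe 99 "
)

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")


def parse_wpm(text):
    """Return (src_pid, dst_pid) pairs, one per row, from the flattened text."""
    return [(int(m.group(1)), int(m.group(2))) for m in WPM_RE.finditer(text)]


def parent_map():
    """pid -> parent pid (None for top-level processes)."""
    return {pid: ppid for pid, ppid, _, _ in PROCESSES}


def write_counts(pairs):
    """How many times each (src, dst) pair occurs; the report repeats pairs."""
    return Counter(pairs)


def cross_tree_writes(pairs):
    """Writes whose target is NOT a direct child of the writer.

    A Chromium-family browser process writes into its own children while
    setting them up, so parent->child writes are expected. A target that is
    not the writer's child is the case worth looking at (injection into a
    foreign process), which is what the constructed 1324 row triggers.
    """
    parents = parent_map()
    return sorted({(s, d) for s, d in pairs if parents.get(d) != s})


def unsandboxed():
    """PIDs whose recorded command line disables the service or GPU sandbox."""
    return [pid for pid, _, _, flags in PROCESSES
            if "--service-sandbox-type=none" in flags or "--disable-gpu-sandbox" in flags]


if __name__ == "__main__":
    pairs = parse_wpm(WPM_ROWS)
    print("writes per (src, dst):", dict(write_counts(pairs)))
    print("writes outside parent->child:", cross_tree_writes(pairs))
    print("unsandboxed PIDs:", unsandboxed())
```

Run against the report's own rows only (drop the constructed line), `cross_tree_writes` returns an empty list, which is the one-line answer to "is the WriteProcessMemory signature telling me anything beyond browser start-up?". The `unsandboxed` list (network service, both identity_helper instances and the second GPU process) is worth keeping in the notes regardless, since those are the processes in the tree with the least isolation if the rendered page did exploit something.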
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: 1ac52e2503cc26baee4322f02f5b8d9c
SHA1: 38e0cee911f5f2a24888a64780ffdf6fa72207c8
SHA256: f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4
SHA512: 7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Filesize: 152B
MD5: b2a1398f937474c51a48b347387ee36a
SHA1: 922a8567f09e68a04233e84e5919043034635949
SHA256: 2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6
SHA512: 4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Filesize: 5KB
MD5: ef8a8c147f7b0e02361f14e0b560591e
SHA1: 27acd121beca20786e7b3789f115e7bef6624ac1
SHA256: 22a4d1151e915bd5e13bd5bb965d128dcb49865c78f70ed90310ea7f01679e63
SHA512: e43d534ced17c972a8c69707a9f87edcd268a8727cca395f844a761b20e8b5b64595ce84d7503bde6342b7a0c9b2f92637f468270c5d68243b3dd765a1f4349e

Filesize: 6KB
MD5: 39f98aec09f7d20078f1a3bf15d0fbf0
SHA1: bbfc288552c83bc93fa7355f52a1ea639538b028
SHA256: ccb1ee224c71bdc986280a6cc6050a18a2f2b2e6514fa87c25351ad75a522959
SHA512: 829d7ca7fb23ff61b0919f3eabc7e8a3003be973fdda5fd424fd375bc2f631e6b071270fbc62138f867cbdbf5aaa27947e34a29478784452d6cd8a5fd68f942a

Filesize: 6KB
MD5: 2779a1a36fc475f9e4cda6d8d53bf043
SHA1: 20bfa87d11e8afffa6d88d7b65d831e9b1fe75d8
SHA256: b0ab8de823682d8cbbe0871e8afc7869e701bd95092bbda96673c065563ae516
SHA512: ec8342685db91aa8ca9d0c88299d1ffc281d4c6aac3e06157eac4e407134aef43ede9ddea77271047fa626a3963c1aba69fa7014cf2ba871d38b6e2373a41cba

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 10KB
MD5: db25b3d55853992685c0b76c6121c7b8
SHA1: 9fa0001cfce72479ec6364e647ddb19d0a796e43
SHA256: e74299987206e374b986ff86684fce4b4186f9e8eb667c5271f4e0b2b3cbb14d
SHA512: 770a958984f701dfd59c14fed9094f8c12b7c43071f017b70226813cce69933dbade6101eca6484f20b5cafed20dd6f90d419b2d4cd8937742706b83b8ec91e4