Analysis
max time kernel: 145s
max time network: 124s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 11/06/2024, 01:11
Static task: static1
Behavioral task: behavioral1
  Sample: 9c88bf650620ee6aceb65fc62dc6ca23_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 9c88bf650620ee6aceb65fc62dc6ca23_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 9c88bf650620ee6aceb65fc62dc6ca23_JaffaCakes118.html
Size: 129KB
MD5: 9c88bf650620ee6aceb65fc62dc6ca23
SHA1: 1924d21a4c73cc534c81b80f5d90db3963f8e6d0
SHA256: c0e19205685ecd44621e87c86003d70d5e66cba36e8beb85dacda907538adc46
SHA512: 016f8cf93bab8742d36f1bc20bb86571752638e3d38b7bf8497aeeaf7560740e57c10dab3f07498ad7fca1f6f9841e0cfa841485e020f150178191c26d28262f
SSDEEP: 3072:muwuppH9UNamRQBwDQ+4R9Smyd28eSJ7+QAWUTIfhtNpsKc+9U4:muuE2
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                   Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process              occurrences
  3344  msedge.exe           2
  5008  msedge.exe           2
  1096  identity_helper.exe  2
  1704  msedge.exe           4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid   Process     occurrences
  5008  msedge.exe  7
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process     occurrences
  5008  msedge.exe  25
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process     occurrences
  5008  msedge.exe  24
- Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target  occurrences
  PID 5008 wrote to memory of 3164  5008  msedge.exe  81             2
  PID 5008 wrote to memory of 2348  5008  msedge.exe  82             40
  PID 5008 wrote to memory of 3344  5008  msedge.exe  83             2
  PID 5008 wrote to memory of 4920  5008  msedge.exe  84             20
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9c88bf650620ee6aceb65fc62dc6ca23_JaffaCakes118.html
  PID: 5008
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff912ed46f8,0x7ff912ed4708,0x7ff912ed4718
    PID: 3164
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,11972548637136707399,9737763192276234411,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
    PID: 2348
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,11972548637136707399,9737763192276234411,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
    PID: 3344
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,11972548637136707399,9737763192276234411,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2604 /prefetch:8
    PID: 4920
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11972548637136707399,9737763192276234411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
    PID: 2068
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11972548637136707399,9737763192276234411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
    PID: 4480
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11972548637136707399,9737763192276234411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
    PID: 508
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,11972548637136707399,9737763192276234411,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
    PID: 4780
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,11972548637136707399,9737763192276234411,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
    PID: 1096
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11972548637136707399,9737763192276234411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
    PID: 624
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11972548637136707399,9737763192276234411,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
    PID: 2696
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11972548637136707399,9737763192276234411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
    PID: 2732
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11972548637136707399,9737763192276234411,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
    PID: 960
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,11972548637136707399,9737763192276234411,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1828 /prefetch:2
    PID: 1704
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3288
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1552
Network
MITRE ATT&CK Enterprise v15
Downloads