Analysis

max time kernel: 145s
max time network: 126s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 11/06/2024, 11:45
Static task: static1

Behavioral task: behavioral1
  Sample: 9e112374797a01aab001e0a1eddd658c_JaffaCakes118.html
  Resource: win7-20240221-en

Behavioral task: behavioral2
  Sample: 9e112374797a01aab001e0a1eddd658c_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General

Target: 9e112374797a01aab001e0a1eddd658c_JaffaCakes118.html
Size: 62KB
MD5: 9e112374797a01aab001e0a1eddd658c
SHA1: 912416f597fe8065b21cd3c0a0266c9c7f594df6
SHA256: 6ab1425d7cee5d1ad6a8c072d1f0edfe9878ea884a3f1ba8dd6a99b02c4ac98f
SHA512: d4f29a615bc55201a7903198f296bc8ddc244d3d981905fff979eb14a08a3fe729789c377ba27f7a9d081742d51b0aff9d407d458dc1bf772e81fd9cf04de9dd
SSDEEP: 768:xWnmutkCmQs/QKMtoIa7GH1MwDYZOir5NIp0Y8n4yWn31g90Zs1PbA:gmTCmn2V0Y8nl0m0ZGPbA
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  4488  msedge.exe           (2 rows)
  468   msedge.exe           (2 rows)
  4960  identity_helper.exe  (2 rows)
  2656  msedge.exe           (4 rows)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid  Process
  468  msedge.exe  (all 6 rows)

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid  Process
  468  msedge.exe  (all 25 rows)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid  Process
  468  msedge.exe  (all 24 rows)

Suspicious use of WriteProcessMemory (64 IoCs)
  The original report lists 64 rows; identical rows are collapsed here to the distinct entries, each of which is repeated in the source.
  description                        pid  Process     procid_target
  PID 468 wrote to memory of 2124    468  msedge.exe  82
  PID 468 wrote to memory of 856     468  msedge.exe  83
  PID 468 wrote to memory of 4488    468  msedge.exe  84
  PID 468 wrote to memory of 4172    468  msedge.exe  85
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:468
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9e112374797a01aab001e0a1eddd658c_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:2124
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae94e46f8,0x7ffae94e4708,0x7ffae94e4718

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:856
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,15538779067220426209,12761776763199744643,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:4488
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,15538779067220426209,12761776763199744643,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:4172
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,15538779067220426209,12761776763199744643,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:2896
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15538779067220426209,12761776763199744643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:3200
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15538779067220426209,12761776763199744643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  PID:60
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,15538779067220426209,12761776763199744643,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  PID:4960
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,15538779067220426209,12761776763199744643,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:4224
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15538779067220426209,12761776763199744643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:4980
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15538779067220426209,12761776763199744643,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:4736
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15538779067220426209,12761776763199744643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:3720
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15538779067220426209,12761776763199744643,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:2656
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,15538779067220426209,12761776763199744643,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1864 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe  PID:2040
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe  PID:4496
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: a8e767fd33edd97d306efb6905f93252
SHA1: a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
SHA256: c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
SHA512: 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Filesize: 152B
MD5: 439b5e04ca18c7fb02cf406e6eb24167
SHA1: e0c5bb6216903934726e3570b7d63295b9d28987
SHA256: 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
SHA512: d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Filesize: 5KB
MD5: ffb1cf58acf2b75f462e38551e038c34
SHA1: 112cc66ec5425ffe8ed5cef0167a1bf7af542238
SHA256: 804a64472551098e99eb7f4454aeaf054501f28dfefab5bd5a15b093fb0f0680
SHA512: 962b004b3df95293131025c3ceeefbfb062c16b0aa59b5d1cc3713c6a444da6e9cbbe7441909ed90b4c8748cf7732a12d6e0a31c93d6f26668becf21d688a7b2

Filesize: 6KB
MD5: 4f106898347781084efe3e4905ab38d2
SHA1: 5dea01191d4018cd505f01850f59666509280845
SHA256: 9f953bc556bdfce1dfb8b1d690b759b01dc9ea0a20624936807660f4a338b1dd
SHA512: 3d972675be12c1d05eb15af2d79b60eaff949e0828f86b928051ca1d469e01c8a72d2004403976aae84ec1e23822b646c36300ea8c0c4465555f4c29a0d6e53f

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 8KB
MD5: ee819ba95920b0a81d83be8e9ea41e51
SHA1: 8d32a7a2e6ae92f19bb9c2b9019bbc0fafab0b69
SHA256: b4bc7adb3d24bbf1c08662b5c5e75f38475d953a224c7acb482d6d42e4b9b3f5
SHA512: 91ecfcd5d0dc0cd5ff280401a0de9dbfcd539e47ca95491411e8d200d19d578014d75db02fc0c31e5704b2efdef2d99f87c3577fdecd58c36186437575258134