Analysis
- max time kernel: 150s
- max time network: 152s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 13/06/2024, 22:39
Static task: static1
Behavioral task: behavioral1
- Sample: a6ee461dfb167c9d2cf39ab4431ba510_JaffaCakes118.html
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: a6ee461dfb167c9d2cf39ab4431ba510_JaffaCakes118.html
- Resource: win10v2004-20240611-en
General
- Target: a6ee461dfb167c9d2cf39ab4431ba510_JaffaCakes118.html
- Size: 40KB
- MD5: a6ee461dfb167c9d2cf39ab4431ba510
- SHA1: 1ce889c13a010c13786149d1d8a9430ae5506b97
- SHA256: ea35598fe308f20526280e88f48ed817469ca6dbc9c48d6889950fba4acc744c
- SHA512: 39ae1c5ecd5972709bcb3807ea487e1b72665b3a4a156599c29b374b801f7a7dbe798623dd2abebce9e3dffeee07726ecfbe9547929669979037f882fb502f33
- SSDEEP: 384:EWGtj3MBNM5OiaeNE07mJlzQ/z9w63RTcb8pxhzEKfNuzV7a0MHRBfkswj6cWiCf:hQUFdU5f
Malware Config
Signatures

- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                   Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  3144  msedge.exe
  3144  msedge.exe
  3544  msedge.exe
  3544  msedge.exe
  4872  identity_helper.exe
  4872  identity_helper.exe
  3724  msedge.exe
  3724  msedge.exe
  3724  msedge.exe
  3724  msedge.exe

- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process
  3544  msedge.exe  (6 identical rows)

- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  3544  msedge.exe  (25 identical rows)

- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  3544  msedge.exe  (24 identical rows)

- Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target
  PID 3544 wrote to memory of 3744  3544  msedge.exe  81  (2 rows)
  PID 3544 wrote to memory of 1244  3544  msedge.exe  82  (40 rows)
  PID 3544 wrote to memory of 3144  3544  msedge.exe  83  (2 rows)
  PID 3544 wrote to memory of 1512  3544  msedge.exe  84  (20 rows)
Processes

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3544)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a6ee461dfb167c9d2cf39ab4431ba510_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3744)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef34646f8,0x7ffef3464708,0x7ffef3464718

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1244)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,655255592480758131,8189685820954393537,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3144)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,655255592480758131,8189685820954393537,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2476 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1512)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,655255592480758131,8189685820954393537,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5044)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,655255592480758131,8189685820954393537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3736)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,655255592480758131,8189685820954393537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1264)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,655255592480758131,8189685820954393537,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 /prefetch:8

  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4872)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,655255592480758131,8189685820954393537,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3532)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,655255592480758131,8189685820954393537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1060)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,655255592480758131,8189685820954393537,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4396)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,655255592480758131,8189685820954393537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2088 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1628)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,655255592480758131,8189685820954393537,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4448 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3724)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,655255592480758131,8189685820954393537,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

- C:\Windows\System32\CompPkgSrv.exe (PID 1124)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

- C:\Windows\System32\CompPkgSrv.exe (PID 4608)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 152B
  MD5: dabfafd78687947a9de64dd5b776d25f
  SHA1: 16084c74980dbad713f9d332091985808b436dea
  SHA256: c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201
  SHA512: dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

- Filesize: 152B
  MD5: c39b3aa574c0c938c80eb263bb450311
  SHA1: f4d11275b63f4f906be7a55ec6ca050c62c18c88
  SHA256: 66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c
  SHA512: eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

- Filesize: 6KB
  MD5: 4249234b3deae3239282e42dff6df810
  SHA1: 985da286e9da459b48c867cd4ac151d576341b00
  SHA256: 5a64e8b9cf9512464a2a2a99a63a402517faf4cd5e548d448330a11a4df80c62
  SHA512: ef83372c58b80898c16af20b59f7f848af2a218a668536518d0691668e068c3f4ed68587d66ea68e4730f2edf19e70fd348cddfbdd36af115ff3d47997ccb72d

- Filesize: 6KB
  MD5: 1cffc41d27154b9d38a5d44e1f4ac075
  SHA1: 67f4e1fc136d645c917e60e1eddbf4f3c66ffe14
  SHA256: 517bb77e3a26fea7255a850b6faab7207d0f30b4f7973318416ac8dc7ee0dda4
  SHA512: 6322a1b3e862acc30c3d481d674eefa87995162404a35cd4ae71682848afdbd4c682f9399291b497bb9addf351c6d98ca6b4b19683bffe56e61d950f7954ef52

- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

- Filesize: 8KB
  MD5: 09b30906ba3a7c29d64b1667b5051080
  SHA1: 40f4e86f816cb4cef1648908c85ccfef0eb43ec2
  SHA256: 521a0cc4b3b3627810ea65936216d69bd240c16523c9298426a12a99ab720786
  SHA512: 33014512ade2095e2799ef78155000ae9a9df4ced3d2f3d6c8b4c1cd98b8d2e710349591e3fe10e1f92360029ec3b1dbced594a605442ed6e4eb2117a1a75d4a