Analysis
max time kernel: 149s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13/06/2024, 15:48

Static task: static1
Behavioral task: behavioral1
  Sample: a657a4ec6f8abbf503448a6236c0ca4d_JaffaCakes118.html
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: a657a4ec6f8abbf503448a6236c0ca4d_JaffaCakes118.html
  Resource: win10v2004-20240611-en
General
Target: a657a4ec6f8abbf503448a6236c0ca4d_JaffaCakes118.html
Size: 231KB
MD5: a657a4ec6f8abbf503448a6236c0ca4d
SHA1: f4f07a650cdf4461922c12120b9d91ad7e55cd9e
SHA256: 27b195d53e571f1f9750cb679ce1f9cfc2e2aef3994b26784ddc4c2a97a1e638
SHA512: a10083a22417a4c5a1a7797c567247e6a1eb85cfcbfa0f44e5d5e115010c50723645f4d8fa0f1b1bcad392fa2ad92e5cc55c012464eb8cddf9174c25615cdf34
SSDEEP: 3072:LvyfkMY+BES09JXAnyrZalI+YsZqo8XBlueJRutudM87FbNN5:L6sMYod+X3oI+YsZqoKJRuteDr
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid / Process: 4248 msedge.exe (x2), 3664 msedge.exe (x2), 2580 identity_helper.exe (x2), 432 msedge.exe (x4)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid / Process: 3664 msedge.exe (x6)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid / Process: 3664 msedge.exe (x25)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid / Process: 3664 msedge.exe (x24)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Every row has the same writer, PID 3664 (msedge.exe); the report repeats each writer/target pair many times, collapsed here by target (procid_target is tria.ge's row index, not a Windows PID):
  PID 3664 wrote to memory of 4760 (3664 msedge.exe, procid_target 82)
  PID 3664 wrote to memory of 1144 (3664 msedge.exe, procid_target 84)
  PID 3664 wrote to memory of 4248 (3664 msedge.exe, procid_target 85)
  PID 3664 wrote to memory of 1956 (3664 msedge.exe, procid_target 86)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3664)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a657a4ec6f8abbf503448a6236c0ca4d_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4760)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb750746f8,0x7ffb75074708,0x7ffb75074718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1144)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2272,7795698891005609713,7428516417948243663,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2284 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4248)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2272,7795698891005609713,7428516417948243663,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1956)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2272,7795698891005609713,7428516417948243663,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2004)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,7795698891005609713,7428516417948243663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4944)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,7795698891005609713,7428516417948243663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4444)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2272,7795698891005609713,7428516417948243663,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2580)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2272,7795698891005609713,7428516417948243663,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4044)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,7795698891005609713,7428516417948243663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4560)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,7795698891005609713,7428516417948243663,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 632)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,7795698891005609713,7428516417948243663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4336 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1328)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,7795698891005609713,7428516417948243663,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 432)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2272,7795698891005609713,7428516417948243663,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5860 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 2416)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 4580)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
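Every signature in this report is attributed to the browser's own processes (msedge.exe and Edge's identity_helper.exe), and the WriteProcessMemory rows all have PID 3664 writing into processes it spawned that run the same image. A parent writing into a child it has just created is how the Chromium sandbox broker initialises the children it launches, so Edge trips this signature on every start; the pattern worth escalating is a write into a process that is not the writer's child, or into a child running a different image. The BIOS SystemManufacturer/SystemProductName reads are likewise ambiguous on their own: Chromium's base hardware-info code reads those keys, and they are also a standard VM-detection probe. The script below is an added example, not part of the tria.ge report: it parses WriteProcessMemory IoC rows in the report's row format, checks each target against the process tree above, and separates the expected child-launch writes from injection-style ones. The process table is transcribed from the tree above, REPORT_IOCS is a trimmed copy of the report's rows, and CONSTRUCTED_IOCS holds two rows that do not appear in the report, added only to exercise the suspicious branches.

```python
import re
from collections import Counter

# Process tree as listed in the report (pid -> (image, parent pid)).
# The top-level msedge.exe and the two CompPkgSrv.exe instances have no
# parent shown in the report, so their parent is recorded as None.
PROCESSES = {
    3664: ("msedge.exe", None),
    4760: ("msedge.exe", 3664),   # crashpad-handler
    1144: ("msedge.exe", 3664),   # gpu-process
    4248: ("msedge.exe", 3664),   # network service
    1956: ("msedge.exe", 3664),   # storage service
    2004: ("msedge.exe", 3664),   # renderer
    4944: ("msedge.exe", 3664),   # renderer
    4444: ("identity_helper.exe", 3664),
    2580: ("identity_helper.exe", 3664),
    4044: ("msedge.exe", 3664),   # renderer
    4560: ("msedge.exe", 3664),   # renderer
    632: ("msedge.exe", 3664),    # renderer
    1328: ("msedge.exe", 3664),   # renderer
    432: ("msedge.exe", 3664),    # gpu-process (--use-gl=disabled)
    2416: ("CompPkgSrv.exe", None),
    4580: ("CompPkgSrv.exe", None),
}

# Assumption: these two images are the Edge install itself; any other
# image an Edge process writes into is treated as foreign.
EDGE_IMAGES = {"msedge.exe", "identity_helper.exe"}

# One report row: "PID <writer> wrote to memory of <target> <writer> <image> <procid_target>".
# procid_target is tria.ge's own row index, not a Windows PID, so it is ignored.
IOC_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")

# Trimmed copy of the report's WriteProcessMemory rows (the report repeats
# each writer/target pair many more times; repeats are collapsed by parse_iocs).
REPORT_IOCS = """
PID 3664 wrote to memory of 4760 3664 msedge.exe 82
PID 3664 wrote to memory of 4760 3664 msedge.exe 82
PID 3664 wrote to memory of 1144 3664 msedge.exe 84
PID 3664 wrote to memory of 1144 3664 msedge.exe 84
PID 3664 wrote to memory of 1144 3664 msedge.exe 84
PID 3664 wrote to memory of 4248 3664 msedge.exe 85
PID 3664 wrote to memory of 4248 3664 msedge.exe 85
PID 3664 wrote to memory of 1956 3664 msedge.exe 86
PID 3664 wrote to memory of 1956 3664 msedge.exe 86
"""

# Constructed rows that are NOT in the report: a write into a process that
# is not the writer's child, and a write into a PID the tree never lists.
CONSTRUCTED_IOCS = """
PID 3664 wrote to memory of 2416 3664 msedge.exe 90
PID 3664 wrote to memory of 7777 3664 msedge.exe 91
"""


def parse_iocs(text):
    """Count rows per (writer_pid, target_pid, writer_image)."""
    events = Counter()
    for match in IOC_RE.finditer(text):
        writer, target, _writer_col, image, _row_idx = match.groups()
        events[(int(writer), int(target), image)] += 1
    return events


def classify(writer_pid, target_pid, writer_image, processes):
    """Label one cross-process write.

    child-launch : target is the writer's child and both run Edge images;
                   this is the broker-initialises-child pattern, expected.
    child-foreign: target is the writer's child but runs a non-Edge image
                   (the hollowing-style case).
    non-child    : target exists but is not the writer's child (injection-style).
    unknown      : target PID is not in the process tree at all.
    """
    entry = processes.get(target_pid)
    if entry is None:
        return "unknown"
    target_image, parent = entry
    if parent != writer_pid:
        return "non-child"
    if writer_image in EDGE_IMAGES and target_image in EDGE_IMAGES:
        return "child-launch"
    return "child-foreign"


def triage(text, processes=PROCESSES):
    """Map (writer, target) -> (label, number of rows) for every distinct write."""
    result = {}
    for (writer, target, image), count in parse_iocs(text).items():
        result[(writer, target)] = (classify(writer, target, image, processes), count)
    return result


def escalate(text, processes=PROCESSES):
    """Return the (writer, target) pairs that are not the expected child-launch pattern."""
    return sorted(pair for pair, (label, _) in triage(text, processes).items()
                  if label != "child-launch")


if __name__ == "__main__":
    rows = REPORT_IOCS + CONSTRUCTED_IOCS
    for (writer, target), (label, count) in sorted(triage(rows).items()):
        print(f"{writer} -> {target:<5} {label:<14} ({count} rows)")
    print("escalate:", escalate(rows))
```

Run against the report's own rows, escalate() returns nothing: every target is an msedge.exe child of 3664. Only the two constructed rows surface, one because CompPkgSrv.exe is not a child of the writer and one because the PID is absent from the tree. The same check applied to a report where an Edge process writes into a child that is not an Edge image, or into an unrelated process, is what would turn this signature from noise into a lead.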
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 81e892ca5c5683efdf9135fe0f2adb15
  SHA1: 39159b30226d98a465ece1da28dc87088b20ecad
  SHA256: 830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17
  SHA512: c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0
- Filesize: 152B
  MD5: 56067634f68231081c4bd5bdbfcc202f
  SHA1: 5582776da6ffc75bb0973840fc3d15598bc09eb1
  SHA256: 8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4
  SHA512: c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784
- Filesize: 6KB
  MD5: a2e2b94e37abb46033142844a8b14f7d
  SHA1: 64f60eab3c730ac8d352ace56087320a6f2df609
  SHA256: 8fe9dafe71bec54d970b566a8134a273d08d6d6b6dbcf4835f978b00764264c2
  SHA512: b29d9a9bdb6bf8dd037f71bbb6c9b99f7d74d1e916da3eae97ca9cd571e93f11c0b775848c9c4406610ef2de541383bac1c3eeddf44b167e0304c7e7a829395e
- Filesize: 6KB
  MD5: 3a32813f81aecc004049fce56dae2590
  SHA1: 41664f777d5897f90aba16a37fc6cf4f4885c550
  SHA256: 47d7fcbe2d40a1cd46830a0c58d0d37004ad630d80eedc097d6c04fe8c02e4e5
  SHA512: e41545857ddc1fdeb40440df4b31cd098e85e9bf22ef484037a189a08af03ad0bc38794a704fd69ef4e2e98ff29970ab62efbdfbacfaba85ad6b8aff503f36f3
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: 40bfd01e23e4900349b4e2e67573bcaf
  SHA1: 2859474e726e184da535ad9d32c04072eb2e5ed4
  SHA256: 2fbbf3a49b144ac612b4dc0f769c4c5250ba62d1eb433a78ad202a28179c8c59
  SHA512: 4a7bbbaa3db48f397af6c342d2ef49758808ea7c7d95275490b6761fab0e8e7f5de3859fdfd78a41a066f6064cef7e086883db5d271d0ad8dcfa5d8f8f78ed01