Analysis

max time kernel:   145s
max time network:  148s
platform:          windows10-2004_x64
resource:          win10v2004-20240508-en
resource tags:     arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted:         13/06/2024, 16:50

Tasks

static1      static task
behavioral1  sample a6960674fd4a132e1e9b379c295b84d2_JaffaCakes118.html, resource win7-20231129-en
behavioral2  sample a6960674fd4a132e1e9b379c295b84d2_JaffaCakes118.html, resource win10v2004-20240508-en
General

Target:  a6960674fd4a132e1e9b379c295b84d2_JaffaCakes118.html
Size:    14KB
MD5:     a6960674fd4a132e1e9b379c295b84d2
SHA1:    72e4fe403e90ba3e8a454fa85b893f015ff98daa
SHA256:  0518a398dcd75f815c0e4c982fc8c21fef2c560b77472348b48e8e4819eadbda
SHA512:  38295595b3c06dcc1cfcb2f613a5df8188bd7a48edba4b2e172c27e03a3f843cd9bb76de26951172aeda0287bb5d7fbfa7c979fd22ad0f1c2dd02b76e1336e69
SSDEEP:  192:AdCHhx17FHlrlUHdWqxlUxRjf8kB9xR+BkbxQ8CpMeqElMippOMUR7unGhTzeEFO:vpUZqxtLBPxQTpyElMiTv8EGhTdKhXb
Malware Config

Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                    Process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid    Process
  4080   msedge.exe           (2 entries)
  1236   msedge.exe           (2 entries)
  1352   identity_helper.exe  (2 entries)
  4792   msedge.exe           (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (11 IoCs)
  pid    Process
  1236   msedge.exe           (11 entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid    Process
  1236   msedge.exe           (25 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid    Process
  1236   msedge.exe           (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs; identical rows collapsed, 64 entries in total across the four rows)
  description                         pid    Process     procid_target
  PID 1236 wrote to memory of 5008    1236   msedge.exe  81   (2 entries)
  PID 1236 wrote to memory of 5080    1236   msedge.exe  82   (repeated)
  PID 1236 wrote to memory of 4080    1236   msedge.exe  83   (2 entries)
  PID 1236 wrote to memory of 392     1236   msedge.exe  84   (repeated)
Processes

msedge.exe  PID 1236
  Image:        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a6960674fd4a132e1e9b379c295b84d2_JaffaCakes118.html
  Signatures:   Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  msedge.exe  PID 5008
    Image:        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcca3d46f8,0x7ffcca3d4708,0x7ffcca3d4718

  msedge.exe  PID 5080
    Image:        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,13434394037906034657,16981491743948399683,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2

  msedge.exe  PID 4080
    Image:        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,13434394037906034657,16981491743948399683,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3
    Signatures:   Suspicious behavior: EnumeratesProcesses

  msedge.exe  PID 392
    Image:        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,13434394037906034657,16981491743948399683,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8

  msedge.exe  PID 4924
    Image:        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13434394037906034657,16981491743948399683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

  msedge.exe  PID 64
    Image:        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13434394037906034657,16981491743948399683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1

  msedge.exe  PID 3940
    Image:        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13434394037906034657,16981491743948399683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4240 /prefetch:1

  msedge.exe  PID 3672
    Image:        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13434394037906034657,16981491743948399683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1

  msedge.exe  PID 3048
    Image:        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13434394037906034657,16981491743948399683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3844 /prefetch:1

  identity_helper.exe  PID 4652
    Image:        C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,13434394037906034657,16981491743948399683,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8

  identity_helper.exe  PID 1352
    Image:        C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,13434394037906034657,16981491743948399683,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8
    Signatures:   Suspicious behavior: EnumeratesProcesses

  msedge.exe  PID 2980
    Image:        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13434394037906034657,16981491743948399683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1

  msedge.exe  PID 872
    Image:        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13434394037906034657,16981491743948399683,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1

  msedge.exe  PID 5024
    Image:        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13434394037906034657,16981491743948399683,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1

  msedge.exe  PID 1068
    Image:        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13434394037906034657,16981491743948399683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1

  msedge.exe  PID 4184
    Image:        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13434394037906034657,16981491743948399683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1

  msedge.exe  PID 4792
    Image:        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,13434394037906034657,16981491743948399683,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2992 /prefetch:2
    Signatures:   Suspicious behavior: EnumeratesProcesses

  msedge.exe  PID 2780
    Image:        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13434394037906034657,16981491743948399683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1

CompPkgSrv.exe  PID 2404
  Image:        C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

CompPkgSrv.exe  PID 3768
  Image:        C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize:  152B
MD5:       4b4f91fa1b362ba5341ecb2836438dea
SHA1:      9561f5aabed742404d455da735259a2c6781fa07
SHA256:    d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c
SHA512:    fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Filesize:  152B
MD5:       eaa3db555ab5bc0cb364826204aad3f0
SHA1:      a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca
SHA256:    ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b
SHA512:    e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Filesize:  5KB
MD5:       a06b5910ff4c4bab3870521430e1270e
SHA1:      a770f63c8e15179a996a7d7088296f72bc5f0082
SHA256:    9bc1f9b0dbff05d10367e4c49f579ec492e3818be1e45a32a430d9797fb50d8b
SHA512:    28c3d55bd95a5f564b291f01e4b88a237d15ced1769b3cfab86a72c3c50aec7617bf30e8893a8737bc39d6c44757e94bd49d1725779710dcf2737f5343ca3d34

Filesize:  6KB
MD5:       cf94e72732e8e88c41ee76740a41d185
SHA1:      b6d2d29bfa07ebbf10b4a629532557499d96d99e
SHA256:    39b69388658c8d40575e2d250e0cf6e9ee2df45f7e877213f9fee713fe225075
SHA512:    1f338b5e19a65c75dfae7133d285807a01ef22ed636df721a0d45714cb526859ff284a38f03144c6415640a8e343c4a52658c5d014baaa4ec0c90b68d9e195c7

Filesize:  16B
MD5:       46295cac801e5d4857d09837238a6394
SHA1:      44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256:    0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512:    8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Filesize:  16B
MD5:       206702161f94c5cd39fadd03f4014d98
SHA1:      bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256:    1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512:    0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Filesize:  8KB
MD5:       c0b1d1d29f6dde35f80921c239452bfc
SHA1:      1c376d75014eaa500f8c64accec2188cb090810f
SHA256:    89087e596014ae1611362093d2625b5d826715bb56cc6b38f7005eba77296fb8
SHA512:    b4752aae8617cc370764afd10959c1c578fac10cdac5610290fb2dba0ee03839a951014c10133189db9a6bc35c2cd035e13bc5ced6dd39a5090e443429f44bee