Analysis
max time kernel: 145s
max time network: 124s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 14/06/2024, 22:21

Static task: static1
Behavioral task: behavioral1
  Sample: abbc54f454c27d3552db02ef5f27b8a8_JaffaCakes118.html
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: abbc54f454c27d3552db02ef5f27b8a8_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: abbc54f454c27d3552db02ef5f27b8a8_JaffaCakes118.html
Size: 23KB
MD5: abbc54f454c27d3552db02ef5f27b8a8
SHA1: 9922adfeca514c298d9fb463a3e5eccef4653826
SHA256: a12536feb1ebee58e9af033678628d8484fad3a959914b0859124ed3884cfdb0
SHA512: 47f0bcd49f58dab56b62ee9c06bb6dabc99f1ed99019e0b1decafacb968ca61d5f926196c0276046ecffbdb3486f9611508ff20ba04033d2fdb8ddd24514a782
SSDEEP: 192:uwXeb5nwunQjxn5Q/XnQie2NnJnQOkEntVNnQTbnBnQlGLnLnQt4qMBWqnYnQ7ty:/Q/DGRwN
Malware Config
Signatures
- Enumerates system info in registry 2 TTPs 3 IoCs
  description         ioc                                                                     Process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe
- Suspicious behavior: EnumeratesProcesses 10 IoCs
  pid    Process
  1932   msedge.exe
  1932   msedge.exe
  2300   msedge.exe
  2300   msedge.exe
  2328   identity_helper.exe
  2328   identity_helper.exe
  2292   msedge.exe
  2292   msedge.exe
  2292   msedge.exe
  2292   msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  pid    Process
  2300   msedge.exe
  2300   msedge.exe
  2300   msedge.exe
  2300   msedge.exe
  2300   msedge.exe
  2300   msedge.exe
- Suspicious use of FindShellTrayWindow 25 IoCs
- Suspicious use of SendNotifyMessage 24 IoCs
- Suspicious use of WriteProcessMemory 64 IoCs
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\abbc54f454c27d3552db02ef5f27b8a8_JaffaCakes118.html
  PID: 2300
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9aa2a46f8,0x7ff9aa2a4708,0x7ff9aa2a4718
    PID: 4472
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,15561526075416250542,5988262598569417054,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
    PID: 5088
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,15561526075416250542,5988262598569417054,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
    PID: 1932
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,15561526075416250542,5988262598569417054,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
    PID: 3448
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15561526075416250542,5988262598569417054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
    PID: 5092
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15561526075416250542,5988262598569417054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
    PID: 1500
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,15561526075416250542,5988262598569417054,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 /prefetch:8
    PID: 4356
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,15561526075416250542,5988262598569417054,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 /prefetch:8
    PID: 2328
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15561526075416250542,5988262598569417054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
    PID: 4448
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15561526075416250542,5988262598569417054,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
    PID: 3968
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15561526075416250542,5988262598569417054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:1
    PID: 2032
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15561526075416250542,5988262598569417054,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
    PID: 4988
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,15561526075416250542,5988262598569417054,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3116 /prefetch:2
    PID: 2292
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4428
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1544
Network
MITRE ATT&CK Enterprise v15
Downloads