Analysis
- max time kernel: 145s
- max time network: 125s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 14/06/2024, 15:40
Static task: static1
Behavioral task: behavioral1
- Sample: aa7a3bbeae9d7351a72605024bdc4f6b_JaffaCakes118.html
- Resource: win7-20240611-en
Behavioral task: behavioral2
- Sample: aa7a3bbeae9d7351a72605024bdc4f6b_JaffaCakes118.html
- Resource: win10v2004-20240508-en
General
- Target: aa7a3bbeae9d7351a72605024bdc4f6b_JaffaCakes118.html
- Size: 139KB
- MD5: aa7a3bbeae9d7351a72605024bdc4f6b
- SHA1: c684bd48c1e903e2aea975c1c5e2f8efde28737b
- SHA256: 8a884c82afd63ed1db067ccc9083a73b4ede3ae7d4a92e2310fafc33d321b953
- SHA512: d80d5cc08d5949ada55b682d8eb81757b673960b7f730a3e9e51dbda05dd7dd6c8f364a67424ae94be67ea5c81b5cb7fbde0b6227af284e2bcef39d0b41c91a9
- SSDEEP: 1536:SRNaLpBzly8yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBw:SRSe8yfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | process | IoCs
  4816 | msedge.exe | 2
  1252 | msedge.exe | 2
  408 | identity_helper.exe | 2
  3396 | msedge.exe | 4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid | process | IoCs
  1252 | msedge.exe | 6
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | process | IoCs
  1252 | msedge.exe | 25
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | process | IoCs
  1252 | msedge.exe | 24
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | process | procid_target
  PID 1252 wrote to memory of 2912 | 1252 | msedge.exe | 81
  PID 1252 wrote to memory of 692 | 1252 | msedge.exe | 82
  PID 1252 wrote to memory of 4816 | 1252 | msedge.exe | 83
  PID 1252 wrote to memory of 2552 | 1252 | msedge.exe | 84
  (The 64 entries are repeats of these four writes, all from the browser process 1252 into helper processes it spawned itself; see the process tree below.)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1252)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\aa7a3bbeae9d7351a72605024bdc4f6b_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2912)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9924846f8,0x7ff992484708,0x7ff992484718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 692)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,5315915668413813240,973534772340556834,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4816)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,5315915668413813240,973534772340556834,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2552)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,5315915668413813240,973534772340556834,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1400)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5315915668413813240,973534772340556834,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1364)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5315915668413813240,973534772340556834,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2712)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,5315915668413813240,973534772340556834,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 408)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,5315915668413813240,973534772340556834,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 676)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5315915668413813240,973534772340556834,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2268)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5315915668413813240,973534772340556834,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1716)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5315915668413813240,973534772340556834,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4232 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1756)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5315915668413813240,973534772340556834,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3396)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,5315915668413813240,973534772340556834,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3024 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 3500)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 2008)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
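Every signature in this report is raised by msedge.exe or its identity_helper.exe child, and all four WriteProcessMemory targets are helper processes that the browser process (PID 1252) spawned itself. That is how Chromium-based browsers bootstrap each helper, so the signatures describe Edge's process model rather than anything the HTML file did. The check that separates this baseline from real injection is "did the writer spawn the target, and is the target a browser helper?", plus a look at which helpers run with their sandbox off. The script below is an added example, not tria.ge code: it parses a text export of the process tree (the sandbox renders each entry as `<command line><depth>⤵PID:<pid>`, with the depth digit fused onto the last argument) and of the flattened IoC list, recovers parent/child links from the depth markers, lists helpers whose own command line disables a sandbox, and labels each WriteProcessMemory pair. The tree and IoC text are condensed from this report (long `--gpu-preferences` and `--field-trial-handle` flags dropped); the function names and the "investigate" case in the test are the example's own.

```python
"""Triage helper for a flattened sandbox report (added example, not tria.ge code).

Parses the process tree and the WriteProcessMemory IoC list as they appear in a
text export of the report above and answers two questions a reviewer asks
about a Chromium-based browser run:
  1. which helper processes run with their sandbox disabled, and
  2. whether every WriteProcessMemory target is a child the browser just
     spawned (normal Chromium bootstrap) or some unrelated process.
"""
import re
from collections import Counter

# Condensed from the report's process tree. Each entry is rendered as
# "<command line><depth>⤵PID:<pid>", the depth digit fused onto the last
# argument ("/prefetch:22⤵" is "/prefetch:2" followed by depth 2).
PROCESS_TREE = r'''
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\aa7a3bbeae9d7351a72605024bdc4f6b_JaffaCakes118.html1⤵PID:1252
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler /prefetch:72⤵PID:2912
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process /prefetch:22⤵PID:692
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none /prefetch:32⤵PID:4816
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility /prefetch:82⤵PID:2552
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --renderer-client-id=6 /prefetch:12⤵PID:1400
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none /prefetch:82⤵PID:408
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled /prefetch:22⤵PID:3396
C:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3500
'''

# Excerpt of the report's WriteProcessMemory IoCs, flattened as
# "PID <src> wrote to memory of <dst> <src> <image> <procid_target>".
# The report repeats the same four targets 64 times.
WPM_IOCS = ("PID 1252 wrote to memory of 2912 1252 msedge.exe 81 "
            "PID 1252 wrote to memory of 692 1252 msedge.exe 82 "
            "PID 1252 wrote to memory of 692 1252 msedge.exe 82 "
            "PID 1252 wrote to memory of 4816 1252 msedge.exe 83 "
            "PID 1252 wrote to memory of 2552 1252 msedge.exe 84")

# Non-greedy prefix so the LAST digit before ⤵ is taken as the depth.
TREE_LINE = re.compile(r'^(?P<cmd>.*?)(?P<depth>\d)⤵PID:(?P<pid>\d+)$')
WPM_LINE = re.compile(r'PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) '
                      r'(?P<src2>\d+) (?P<image>\S+) (?P<target_id>\d+)')


def parse_tree(text):
    """Return {pid: {"image", "cmd", "parent"}}. A depth-N entry is a child of
    the most recent depth-(N-1) entry; depth-1 entries are roots (parent None)."""
    procs, last_at_depth = {}, {}
    for line in text.strip().splitlines():
        m = TREE_LINE.match(line)
        if not m:
            raise ValueError(f"unparsed tree line: {line!r}")
        cmd, depth, pid = m["cmd"], int(m["depth"]), int(m["pid"])
        # Image path is the quoted first token, or the first token if unquoted.
        exe = cmd[1:cmd.index('"', 1)] if cmd.startswith('"') else cmd.split(" ", 1)[0]
        procs[pid] = {"image": exe.rsplit("\\", 1)[-1], "cmd": cmd,
                      "parent": last_at_depth.get(depth - 1)}
        last_at_depth[depth] = pid
    return procs


def unsandboxed(procs):
    """PIDs whose own command line says the Chromium sandbox is off
    (--service-sandbox-type=none or --disable-gpu-sandbox)."""
    return sorted(pid for pid, p in procs.items()
                  if "--service-sandbox-type=none" in p["cmd"]
                  or "--disable-gpu-sandbox" in p["cmd"])


def classify_writes(ioc_text, procs):
    """Collapse repeated IoC lines into (src, dst) -> (count, label).
    A parent writing into a child it spawned is Chromium's normal helper
    bootstrap; a write into any other process deserves a look."""
    counts = Counter((int(m["src"]), int(m["dst"]))
                     for m in WPM_LINE.finditer(ioc_text))
    verdicts = {}
    for (src, dst), n in counts.items():
        target = procs.get(dst)
        if target is None:
            label = "target not in process tree: investigate"
        elif target["parent"] == src:
            label = f"parent->child bootstrap of {target['image']}: expected"
        else:
            label = f"write into unrelated {target['image']}: investigate"
        verdicts[(src, dst)] = (n, label)
    return verdicts


if __name__ == "__main__":
    tree = parse_tree(PROCESS_TREE)
    print("helpers running without a sandbox:", unsandboxed(tree))
    for (src, dst), (n, label) in classify_writes(WPM_IOCS, tree).items():
        print(f"{src} -> {dst} x{n}: {label}")
```

On this report the script reports 408, 3396 and 4816 as unsandboxed (the identity helper and network service declare `--service-sandbox-type=none`, and the second GPU process was relaunched with `--disable-gpu-sandbox` after `--use-gl=disabled`, which is what Chromium does when GPU initialisation fails in a VM), and every WriteProcessMemory pair is a parent-to-child bootstrap. A write from 1252 into CompPkgSrv.exe, or into a PID absent from the tree, would come back labelled "investigate".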
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 56641592f6e69f5f5fb06f2319384490
  SHA1: 6a86be42e2c6d26b7830ad9f4e2627995fd91069
  SHA256: 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455
  SHA512: c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868
- Filesize: 152B
  MD5: 612a6c4247ef652299b376221c984213
  SHA1: d306f3b16bde39708aa862aee372345feb559750
  SHA256: 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a
  SHA512: 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973
- Filesize: 5KB
  MD5: d8fa3334e0cbe066b621827cefca448c
  SHA1: 2d7bde703bb03668b758407aebdf5f7e7b00a886
  SHA256: dd75d7b38cd184d998611a3bfb86e9d53882bf7eb9a54013380da7dfd1cceb55
  SHA512: 1ae3ea1af00e79179a7e11411309da195443fab01a9d9ec6c135bc3b17444f2aba84e1c77804df886699efaddc83d0d1711ad6d933264cebce38a5acafdb7dd2
- Filesize: 5KB
  MD5: 5171ccf40d9542f4482bb0bcca14fb77
  SHA1: 4ee36deb9bf61dcd5038a9a94e70b71d188e9bd1
  SHA256: 35d6c08a881caf3eb1f9397405ac1d6e1ed7bece57629a26f929088289849d1b
  SHA512: f8c6c6f7102f70eb600e3cc168e66ccb102afc415d7cf670f70915d2fc842e33318341fb5936205f84bea5dec3db530b508aebec969c2944dd949a44c07bb0da
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 8KB
  MD5: 341061bcf6e3941aa89632ce3e335556
  SHA1: cd4d1d31511a2a0fcc54d4328fb1170c578ba1b7
  SHA256: d7c56e7c23a6c733ebabbabd9f92209417d48c53f1042e6cbb65d30b7ba4ab55
  SHA512: 6895c74813d0c166f53eda5a0fbea523627160b4196b54137abf4cd3718b1c9646eb8b6aaf4e9dc53db96b2a5395f89bb675d450014675a8bb2343501782bfb3