Analysis
max time kernel: 149s
max time network: 154s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 15/06/2024, 10:15
Static task: static1
Behavioral task: behavioral1
  Sample: adf25ed7cf76eb1e6d05c4a3f131aa14_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: adf25ed7cf76eb1e6d05c4a3f131aa14_JaffaCakes118.html
  Resource: win10v2004-20240611-en
General
Target: adf25ed7cf76eb1e6d05c4a3f131aa14_JaffaCakes118.html
Size: 27KB
MD5: adf25ed7cf76eb1e6d05c4a3f131aa14
SHA1: dc3afbfa19f193246da00af0cb74e586175e8a02
SHA256: 140b604f11f38ceefe710ab9aa46cd04f7a0ab58ca71c82e245cc6015f5a6fa3
SHA512: 9b6f45ddaffe07f231dce9a1e09186bb56064004d1a1fe744adc2b39686ef6b3b4cd07482e61e1883b1861492cffe1554296cf96cdbfe4b811260eba6253d89b
SSDEEP: 192:uwP0b5nT2nQjxn5Q/O5nQie5Nn6nQOkEntUlsnQTbn5nQ9edpm66f3JQl7MBZqnU:WQ/OYU8jO3gS7Up+
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                    Process
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  4944  msedge.exe
  4944  msedge.exe
  2628  msedge.exe
  2628  msedge.exe
  3628  identity_helper.exe
  3628  identity_helper.exe
  1080  msedge.exe
  1080  msedge.exe
  1080  msedge.exe
  1080  msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process
  2628  msedge.exe
  2628  msedge.exe
  2628  msedge.exe
  2628  msedge.exe
  2628  msedge.exe
  2628  msedge.exe
- Suspicious use of FindShellTrayWindow (25 IoCs)
- Suspicious use of SendNotifyMessage (24 IoCs)
- Suspicious use of WriteProcessMemory (64 IoCs)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2628)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\adf25ed7cf76eb1e6d05c4a3f131aa14_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 720)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb319846f8,0x7ffb31984708,0x7ffb31984718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2356)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,10044349183235571197,1717377141965965397,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4944)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,10044349183235571197,1717377141965965397,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4340)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,10044349183235571197,1717377141965965397,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1304)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10044349183235571197,1717377141965965397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1424)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10044349183235571197,1717377141965965397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4884)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,10044349183235571197,1717377141965965397,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3848 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3628)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,10044349183235571197,1717377141965965397,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3848 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2524)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10044349183235571197,1717377141965965397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1548)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10044349183235571197,1717377141965965397,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 628)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10044349183235571197,1717377141965965397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2780)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10044349183235571197,1717377141965965397,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1080)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,10044349183235571197,1717377141965965397,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5776 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 1940)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 1244)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads