Analysis
max time kernel: 145s
max time network: 129s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 15/06/2024, 12:12
Static task: static1
Behavioral task: behavioral1
  Sample: ae5dc60ea60146053a2d08eae8632d4a_JaffaCakes118.html
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: ae5dc60ea60146053a2d08eae8632d4a_JaffaCakes118.html
  Resource: win10v2004-20240611-en
General
Target: ae5dc60ea60146053a2d08eae8632d4a_JaffaCakes118.html
Size: 28KB
MD5: ae5dc60ea60146053a2d08eae8632d4a
SHA1: 9019cdbd2288a3b202496ccd8171d356d73f88f7
SHA256: d1d66e62c3f2e0376fdaf6cd4c27c38e3f3b0a9457f09b671e886661a16bd75a
SHA512: 00fd54c7841ac9139c58e3251a2d98b68bf9a3fae5d35565d47e0b934d413922c1dcb169e8bb9c5b02c7c8793b0d085fa641341326e7ffcec99d1b16f20dfa9b
SSDEEP: 192:uwXob5nR2zwnQjxn5Q/ZnQiesNnrnQOkEntvnnQTbn5nQ9eucm6OZ+WX3Ql7MBMm:NQ/ZfEO+W2Sd
Malware Config
Signatures
Every hit below is attributed to an Edge binary (msedge.exe or identity_helper.exe). The only processes in the report are the Edge browser process, the children it launched, and two CompPkgSrv.exe instances; nothing outside the browser family was started. The pattern is the one a Chromium-based browser produces when it starts its helper processes, and it should be read with that in mind before any of the "suspicious" labels are taken at face value.

- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
  SystemManufacturer and SystemProductName are the two BIOS strings that sandbox and VM detection routines typically read, so the Process column is the detail that matters: here the reader is the browser host itself, not a process the page launched.
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process: 2736 msedge.exe (2), 1264 msedge.exe (2), 3920 identity_helper.exe (2), 4464 msedge.exe (4)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid | Process: 1264 msedge.exe (6)
  The browser process created six children with the "block non-Microsoft binaries" process-creation mitigation set, which is what a Chromium-based browser applies to its sandboxed child processes.
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process: 1264 msedge.exe (25)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process: 1264 msedge.exe (24)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description (pid, Process, procid_target):
  PID 1264 msedge.exe wrote to memory of 4868 (procid_target 81): 2 writes
  PID 1264 msedge.exe wrote to memory of 5012 (procid_target 82): 40 writes
  PID 1264 msedge.exe wrote to memory of 2736 (procid_target 83): 2 writes
  PID 1264 msedge.exe wrote to memory of 3836 (procid_target 84): 20 writes
  All four targets are msedge.exe children of PID 1264 (the crashpad handler, the first GPU process, the network service and the storage service; see Processes), consistent with the way a Chromium browser process sets up each child it launches. A write from the browser process into a non-browser image would be the finding worth chasing; there is none here.
Processes
Nesting follows the report's tree: depth 1 entries are roots, depth 2 entries are children of the depth 1 msedge.exe browser process (PID 1264). The image path and the command line are listed separately.

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 1, PID 1264)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ae5dc60ea60146053a2d08eae8632d4a_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - msedge.exe (depth 2, PID 4868, --type=crashpad-handler)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9beb846f8,0x7ff9beb84708,0x7ff9beb84718
  - msedge.exe (depth 2, PID 5012, --type=gpu-process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,4410344241378735655,15437367229297294769,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  - msedge.exe (depth 2, PID 2736, --type=utility, network.mojom.NetworkService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,4410344241378735655,15437367229297294769,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe (depth 2, PID 3836, --type=utility, storage.mojom.StorageService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,4410344241378735655,15437367229297294769,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  - msedge.exe (depth 2, PID 4500, --type=renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4410344241378735655,15437367229297294769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  - msedge.exe (depth 2, PID 4268, --type=renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4410344241378735655,15437367229297294769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (depth 2, PID 3464, --type=utility, winrt_app_id.mojom.WinrtAppIdService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,4410344241378735655,15437367229297294769,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (depth 2, PID 3920, --type=utility, winrt_app_id.mojom.WinrtAppIdService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,4410344241378735655,15437367229297294769,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe (depth 2, PID 1596, --type=renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4410344241378735655,15437367229297294769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  - msedge.exe (depth 2, PID 3104, --type=renderer, --instant-process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4410344241378735655,15437367229297294769,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  - msedge.exe (depth 2, PID 3372, --type=renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4410344241378735655,15437367229297294769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  - msedge.exe (depth 2, PID 2384, --type=renderer, --instant-process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4410344241378735655,15437367229297294769,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  - msedge.exe (depth 2, PID 4464, --type=gpu-process, second GPU process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,4410344241378735655,15437367229297294769,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3392 /prefetch:2
    --disable-gpu-sandbox and --use-gl=disabled are the flags Chromium uses when it falls back from the first GPU process (PID 5012) to software rendering, which is the expected outcome on a VM without a usable GPU driver, not a sandbox escape.
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (depth 1, PID 1040)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (depth 1, PID 5008)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
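The WriteProcessMemory signature above is only meaningful once each target PID is resolved against the process list: the browser writing into its own children is normal Chromium start-up, the browser writing into anything else is not. The helper below is an added example, not part of the tria.ge report or its tooling. It parses the report's flattened "PID X wrote to memory of Y ..." rows (the row text and the pid-to-image map are copied from this page; the multipliers reproduce the report's per-target counts), collapses the repeats, and classifies each writer/target pair against an allow-list of Edge images. The trailing powershell.exe case is a constructed, hypothetical row to show what a hit looks like; it is not in the report.

```python
import re
from collections import Counter

# Constructed from the report's "Suspicious use of WriteProcessMemory" IoC list.
# tria.ge emits one row per captured write; the multipliers keep the report's
# counts (64 rows in total) without pasting every row.
WPM_IOCS = (
    "PID 1264 wrote to memory of 4868 1264 msedge.exe 81 " * 2
    + "PID 1264 wrote to memory of 5012 1264 msedge.exe 82 " * 40
    + "PID 1264 wrote to memory of 2736 1264 msedge.exe 83 " * 2
    + "PID 1264 wrote to memory of 3836 1264 msedge.exe 84 " * 20
)

EDGE_DIR = r"C:\Program Files (x86)\Microsoft\Edge\Application"

# pid -> image path, copied from the report's "Processes" section.
PROCESSES = {
    **{pid: EDGE_DIR + r"\msedge.exe"
       for pid in (1264, 4868, 5012, 2736, 3836, 4500, 4268, 1596, 3104, 3372, 2384, 4464)},
    **{pid: EDGE_DIR + r"\92.0.902.67\identity_helper.exe" for pid in (3464, 3920)},
    **{pid: r"C:\Windows\System32\CompPkgSrv.exe" for pid in (1040, 5008)},
}

# Images a Chromium-based browser legitimately launches and writes start-up
# data into. Anything outside this set as a target is worth a look.
EDGE_FAMILY = frozenset({"msedge.exe", "identity_helper.exe"})

# Column order in a report row: pid, target pid, pid (repeated), image, procid_target.
ROW = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\d+)")


def parse_writes(ioc_text):
    """Collapse repeated rows into (writer_pid, writer_image, target_pid) -> count."""
    counts = Counter()
    for writer, target, image, _procid_target in ROW.findall(ioc_text):
        counts[(int(writer), image, int(target))] += 1
    return counts


def image_name(path):
    # Report paths are Windows paths; split on the backslash regardless of host OS.
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def classify_writes(ioc_text, processes, allowed=EDGE_FAMILY):
    """Split cross-process writes into benign browser bookkeeping and ones to chase.

    A write is benign when both the writer and the target image are in the
    allowed browser family. A target pid missing from the process list, or one
    whose image is outside the family, lands in the suspicious list.
    """
    benign, suspicious = [], []
    for (writer, writer_img, target), n in parse_writes(ioc_text).items():
        target_path = processes.get(target)
        target_img = image_name(target_path) if target_path else None
        rec = {"writer": writer, "target": target, "target_image": target_img, "writes": n}
        if writer_img.lower() in allowed and target_img in allowed:
            benign.append(rec)
        else:
            suspicious.append(rec)
    return benign, suspicious


if __name__ == "__main__":
    benign, suspicious = classify_writes(WPM_IOCS, PROCESSES)
    print(f"benign targets: {len(benign)}, suspicious: {len(suspicious)}")
    # Hypothetical counter-example (not from the report): the browser process
    # writing into a pid whose image is powershell.exe would be flagged.
    hypothetical = WPM_IOCS + "PID 1264 wrote to memory of 9999 1264 msedge.exe 85 "
    procs = {**PROCESSES, 9999: r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"}
    _, flagged = classify_writes(hypothetical, procs)
    print("flagged:", flagged)
```

Running it against the report's own rows yields four benign targets (4868, 5012, 2736, 3836, all msedge.exe) and nothing suspicious; the constructed powershell.exe row is the only thing the second run flags. The allow-list is deliberately the smallest set the report supports; add images only when the process list shows them as browser-launched.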
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: db9081c34e133c32d02f593df88f047a
  SHA1: a0da007c14fd0591091924edc44bee90456700c6
  SHA256: c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e
  SHA512: 12f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744
- Filesize: 152B
  MD5: 3a09f853479af373691d131247040276
  SHA1: 1b6f098e04da87e9cf2d3284943ec2144f36ac04
  SHA256: a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f
  SHA512: 341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016
- Filesize: 6KB
  MD5: 80e93a0c404b16bd87b36a53eb1b45ae
  SHA1: bec3fe78a6cdb0c704aff69f1fbc95c7f18602f0
  SHA256: 15d19f9080ce1675f47d2f950415fcd3d367faa351609f59141716ca5e8bf59e
  SHA512: d05d5487de6467116f73e63a58ca50890946763eb8eb0f3e7c911974674758280da060312f0f84f231dbde4d4bb29276500cadf0594fada0cd46cc419e0324b0
- Filesize: 6KB
  MD5: bcec29c3ea4a67ad75cb833750702510
  SHA1: 5a43fa116ce043c5f754cae335ae15a8f0fb5e61
  SHA256: 62ea7a4c48e845700a0b0f0bfb7645f0416da201ed4ee085bfeb42b8e2d85387
  SHA512: 6f6c4730918fc4facacf2be42593fbb42763a882bb85b818e2cdfca1225df4e2fd026427f063afe2589de88f0ed5c5fc97f4a1afaf4aa0834eb4f0c1d0a4950e
- Filesize: 6KB
  MD5: da56107226789862d2cd2df4e0f636ae
  SHA1: e1c54bdc70728e3bfb40feeb9d3c1570786ce302
  SHA256: da42741b9054e1157a63aed4b6fb701720003cb886b5d020fe7af8b657479e03
  SHA512: d4c8b260b40a629667d855eddea2100ecdd3f76571ca96fe6f59c90be6a7005b3f2a4a77bfc785248d6fd9342f8c83d527aa16427a31083277397e187467cc58
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: 7031f8562819e979bb1950f6f05d2f87
  SHA1: 4b52ce1ddad9640868269fa9524ab214190fa161
  SHA256: 3044eaea398f8b5bc2dead424a84ea2d94f3c58a08543497c359c9d893eaf29d
  SHA512: b42f3594f9af2be37de26ac34a7778639e5f0cb1f841e715b353ad3d685bc4d43ce8c8ee6dc9139480ea7c4927a48289eee7bfcdca92bd5c72a7c7920407b5c8