Analysis
- max time kernel: 149s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64 arch:x86 image:win10v2004-20240611-en locale:en-us os:windows10-2004-x64 system
- submitted: 16/06/2024, 22:49
Static task: static1
Behavioral task: behavioral1
- Sample: b59675516bab4f24af7e3a622cdccb06_JaffaCakes118.html
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: b59675516bab4f24af7e3a622cdccb06_JaffaCakes118.html
- Resource: win10v2004-20240611-en
General
- Target: b59675516bab4f24af7e3a622cdccb06_JaffaCakes118.html
- Size: 36KB
- MD5: b59675516bab4f24af7e3a622cdccb06
- SHA1: 8b72db2bbb0c4d0aa3199f0c58cf5bec9a061ee4
- SHA256: 1082b310ea6a534a31eecdf3647f19e640ab61bbf6e6de860a1fdda2df9081ab
- SHA512: 08a6cd26de03a3838c74d03b16b2ec95c1f17996d5fc8eacf67390f8b73494be42bc8c8a00f4b7daec0103ec187846f46772b00fbb9379d9fad66341f06cd481
- SSDEEP: 768:zwx/MDTHg688hARUZPXfE1XnXrFLxNLlDNoPqkPTHlnkM3Gr6TbiD6eGx6OxJy6D:Q/7bJxNVdu6SQ/C8xK
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  2980 | msedge.exe
  2980 | msedge.exe
  5104 | msedge.exe
  5104 | msedge.exe
  3128 | identity_helper.exe
  3128 | identity_helper.exe
  1696 | msedge.exe
  1696 | msedge.exe
  1696 | msedge.exe
  1696 | msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid | Process
  5104 | msedge.exe (6 identical rows)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  5104 | msedge.exe (25 identical rows)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  5104 | msedge.exe (24 identical rows)
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 5104 wrote to memory of 4520 5104 msedge.exe 81 PID 5104 wrote to memory of 4520 5104 msedge.exe 81 PID 5104 wrote to memory of 2736 5104 msedge.exe 82 PID 5104 wrote to memory of 2736 5104 msedge.exe 82 PID 5104 wrote to memory of 2736 5104 msedge.exe 82 PID 5104 wrote to memory of 2736 5104 msedge.exe 82 PID 5104 wrote to memory of 2736 5104 msedge.exe 82 PID 5104 wrote to memory of 2736 5104 msedge.exe 82 PID 5104 wrote to memory of 2736 5104 msedge.exe 82 PID 5104 wrote to memory of 2736 5104 msedge.exe 82 PID 5104 wrote to memory of 2736 5104 msedge.exe 82 PID 5104 wrote to memory of 2736 5104 msedge.exe 82 PID 5104 wrote to memory of 2736 5104 msedge.exe 82 PID 5104 wrote to memory of 2736 5104 msedge.exe 82 PID 5104 wrote to memory of 2736 5104 msedge.exe 82 PID 5104 wrote to memory of 2736 5104 msedge.exe 82 PID 5104 wrote to memory of 2736 5104 msedge.exe 82 PID 5104 wrote to memory of 2736 5104 msedge.exe 82 PID 5104 wrote to memory of 2736 5104 msedge.exe 82 PID 5104 wrote to memory of 2736 5104 msedge.exe 82 PID 5104 wrote to memory of 2736 5104 msedge.exe 82 PID 5104 wrote to memory of 2736 5104 msedge.exe 82 PID 5104 wrote to memory of 2736 5104 msedge.exe 82 PID 5104 wrote to memory of 2736 5104 msedge.exe 82 PID 5104 wrote to memory of 2736 5104 msedge.exe 82 PID 5104 wrote to memory of 2736 5104 msedge.exe 82 PID 5104 wrote to memory of 2736 5104 msedge.exe 82 PID 5104 wrote to memory of 2736 5104 msedge.exe 82 PID 5104 wrote to memory of 2736 5104 msedge.exe 82 PID 5104 wrote to memory of 2736 5104 msedge.exe 82 PID 5104 wrote to memory of 2736 5104 msedge.exe 82 PID 5104 wrote to memory of 2736 5104 msedge.exe 82 PID 5104 wrote to memory of 2736 5104 msedge.exe 82 PID 5104 wrote to memory of 2736 5104 msedge.exe 82 PID 5104 wrote to memory of 2736 5104 msedge.exe 82 PID 5104 wrote to memory of 2736 5104 msedge.exe 82 PID 5104 wrote to memory of 2736 5104 msedge.exe 82 PID 5104 wrote to memory of 2736 5104 
msedge.exe 82 PID 5104 wrote to memory of 2736 5104 msedge.exe 82 PID 5104 wrote to memory of 2736 5104 msedge.exe 82 PID 5104 wrote to memory of 2736 5104 msedge.exe 82 PID 5104 wrote to memory of 2736 5104 msedge.exe 82 PID 5104 wrote to memory of 2980 5104 msedge.exe 83 PID 5104 wrote to memory of 2980 5104 msedge.exe 83 PID 5104 wrote to memory of 956 5104 msedge.exe 84 PID 5104 wrote to memory of 956 5104 msedge.exe 84 PID 5104 wrote to memory of 956 5104 msedge.exe 84 PID 5104 wrote to memory of 956 5104 msedge.exe 84 PID 5104 wrote to memory of 956 5104 msedge.exe 84 PID 5104 wrote to memory of 956 5104 msedge.exe 84 PID 5104 wrote to memory of 956 5104 msedge.exe 84 PID 5104 wrote to memory of 956 5104 msedge.exe 84 PID 5104 wrote to memory of 956 5104 msedge.exe 84 PID 5104 wrote to memory of 956 5104 msedge.exe 84 PID 5104 wrote to memory of 956 5104 msedge.exe 84 PID 5104 wrote to memory of 956 5104 msedge.exe 84 PID 5104 wrote to memory of 956 5104 msedge.exe 84 PID 5104 wrote to memory of 956 5104 msedge.exe 84 PID 5104 wrote to memory of 956 5104 msedge.exe 84 PID 5104 wrote to memory of 956 5104 msedge.exe 84 PID 5104 wrote to memory of 956 5104 msedge.exe 84 PID 5104 wrote to memory of 956 5104 msedge.exe 84 PID 5104 wrote to memory of 956 5104 msedge.exe 84 PID 5104 wrote to memory of 956 5104 msedge.exe 84
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b59675516bab4f24af7e3a622cdccb06_JaffaCakes118.html
  PID: 5104
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9bf9e46f8,0x7ff9bf9e4708,0x7ff9bf9e4718
    PID: 4520
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,7592380802222146892,658686155262510287,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
    PID: 2736
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,7592380802222146892,658686155262510287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
    PID: 2980
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,7592380802222146892,658686155262510287,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
    PID: 956
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,7592380802222146892,658686155262510287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
    PID: 844
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,7592380802222146892,658686155262510287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
    PID: 3656
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,7592380802222146892,658686155262510287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 /prefetch:8
    PID: 4168
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,7592380802222146892,658686155262510287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 /prefetch:8
    PID: 3128
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,7592380802222146892,658686155262510287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
    PID: 4304
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,7592380802222146892,658686155262510287,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
    PID: 740
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,7592380802222146892,658686155262510287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
    PID: 4424
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,7592380802222146892,658686155262510287,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1
    PID: 4536
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,7592380802222146892,658686155262510287,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4560 /prefetch:2
    PID: 1696
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3164
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4416
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 477462b6ad8eaaf8d38f5e3a4daf17b0
  SHA1: 86174e670c44767c08a39cc2a53c09c318326201
  SHA256: e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d
  SHA512: a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e
- Filesize: 152B
  MD5: b704c9ca0493bd4548ac9c69dc4a4f27
  SHA1: a3e5e54e630dabe55ca18a798d9f5681e0620ba7
  SHA256: 2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411
  SHA512: 69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32
- Filesize: 614B
  MD5: 10a4e3454224e4401f1b49f72dcfb87a
  SHA1: 9f2a5e7ef98b412247f91268f4cff16a70d8f83e
  SHA256: 3a5e23cc9cfe28e9a2fa7eae707c01b91827d6e43b77fbac9dbe8703f6143b89
  SHA512: 9e0e993d2992dc6ce7f88fdb3d5b7fc05836a15369b84e60bbd3c63e78a65cd0f800e8d73d3c80f5ad478d222ad58f62fb3718c6ba1f81cdfc105a875930f829
- Filesize: 6KB
  MD5: cdb811946e1066cd15ea0a2ab69c999f
  SHA1: dd9e90d081e22df6b3018983a37c75f5c8cb7717
  SHA256: 1778398a7053d08cf20f30da0875c23f95ec14490fc21ab2e549d30a0ee3977c
  SHA512: abac67dc67fdd3d16428db123044cbd15a68ca2af8ce26b2440c90da2c12db1975a0fb4e343685b136352da0629f44a1f0d258174c56d95f61f0867bad142de5
- Filesize: 6KB
  MD5: 042a9b3ff996fdfa9e1f57874b00ce05
  SHA1: 85b28bdb8a99974773998432774e252576f56e58
  SHA256: 36253091c0a34688498e5419d51911d906753586239c2121ab639f66b9e7a271
  SHA512: fbee388163175c02e8f7d0b9cb2d1ce2404ca7d0959d54e7c4e5d1b841b30070b900055607a9a37e7f340b61e72373f80cd64d7b42af8b585450bfd751462a82
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: 186fc2ca5a4e1d0c814f7914583cbd46
  SHA1: 95119a9d241dc2e078e00afd3848d59fd640cfe4
  SHA256: 97dc7c83e2266fcb66dbcfc931f75b908bc40a60e10398627b0d332619eaf786
  SHA512: c725971a2107fe9aae8c6e71f6ed4224d4306ecd8447f0c5020a27b5ca684054f5642db85119c02e5a34e87ecab65d9cf1a5d0b28c1dc29e4fcca580a63c0c68