Analysis
max time kernel: 145s
max time network: 133s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 16/06/2024, 09:44
Static task: static1
Behavioral task: behavioral1
  Sample: b2d91b09a941c898ffc9c13db388c78d_JaffaCakes118.html
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: b2d91b09a941c898ffc9c13db388c78d_JaffaCakes118.html
  Resource: win10v2004-20240611-en
General
Target: b2d91b09a941c898ffc9c13db388c78d_JaffaCakes118.html
Size: 28KB
MD5: b2d91b09a941c898ffc9c13db388c78d
SHA1: bf9c8a03d8a523ea99aeee6cd0ea06bdd28eaef5
SHA256: f9010c71970ccbe6edd852d4e08df301af4e59b3c77edfb2ce7185ba38e21135
SHA512: a61d42dbf279c56b08cc5c9d12af60d57b0d25eb47bdc692c37c586a947a821af3aea3ff1367e4077706a25c3babce06e0d3f978f8c597c58b0b4f12ca774984
SSDEEP: 192:uwL0b5nIj2SnQjxn5Q/OnQieFNnVmInQOkEnt2AnQTbnNnQ9eVNm64D5xM3mpQlo:kQ/z583W5xM3PS5SQ
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                    Process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid    Process              entries
  1252   msedge.exe           2
  3676   msedge.exe           2
  4196   identity_helper.exe  2
  3952   msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid    Process     entries
  3676   msedge.exe  6

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid    Process     entries
  3676   msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid    Process     entries
  3676   msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs)
  description                        pid    Process     procid_target  entries
  PID 3676 wrote to memory of 3904   3676   msedge.exe  81             2
  PID 3676 wrote to memory of 548    3676   msedge.exe  82             40
  PID 3676 wrote to memory of 1252   3676   msedge.exe  83             2
  PID 3676 wrote to memory of 456    3676   msedge.exe  84             20
Processes
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b2d91b09a941c898ffc9c13db388c78d_JaffaCakes118.html
  PID: 3676
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb4be046f8,0x7ffb4be04708,0x7ffb4be04718
      PID: 3904

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,622378836162697612,5330900482979593851,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
      PID: 548

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,622378836162697612,5330900482979593851,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
      PID: 1252
      - Suspicious behavior: EnumeratesProcesses

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,622378836162697612,5330900482979593851,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
      PID: 456

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,622378836162697612,5330900482979593851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
      PID: 4424

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,622378836162697612,5330900482979593851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
      PID: 4244

    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,622378836162697612,5330900482979593851,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:8
      PID: 5028

    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,622378836162697612,5330900482979593851,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:8
      PID: 4196
      - Suspicious behavior: EnumeratesProcesses

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,622378836162697612,5330900482979593851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
      PID: 4228

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,622378836162697612,5330900482979593851,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2312 /prefetch:1
      PID: 3340

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,622378836162697612,5330900482979593851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
      PID: 4512

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,622378836162697612,5330900482979593851,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1
      PID: 684

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,622378836162697612,5330900482979593851,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5192 /prefetch:2
      PID: 3952
      - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3552

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3320
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 152B
MD5: dabfafd78687947a9de64dd5b776d25f
SHA1: 16084c74980dbad713f9d332091985808b436dea
SHA256: c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201
SHA512: dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

Filesize: 152B
MD5: c39b3aa574c0c938c80eb263bb450311
SHA1: f4d11275b63f4f906be7a55ec6ca050c62c18c88
SHA256: 66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c
SHA512: eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

Filesize: 6KB
MD5: 884843c63f35ff9c273137069f305201
SHA1: d404643fef200597e79d3daf2e229b5bb5ed99ff
SHA256: b87fc721eacdf232ca3b905d0a37f1bddef79eb943fe8c7e20f966e39f972c9a
SHA512: a02fe0a41de0ccebc04b474452065b8f02bfd59bb899200ecaad4a84ba0fce320713ddfe4d9ff13a444459e52f7668ec1f000cd912839b98d963b1df9f9b7fb7

Filesize: 6KB
MD5: 39b62f8e2a728df02014e78f33045542
SHA1: ed762abaf2d013f2d33310cddca277b157f8620b
SHA256: 6119874413ad306298d429635563a9de07f738627e5d7bfc88095b8cd13aab5c
SHA512: 5c5065f6613dbbc549f61bd7e11a44235a0b7e680228e7ecd4380a488af759cfd1bd98acbefe22379a5e9749a3d1a301868c76ab1d4bff80f8c1e806d4efce5b

Filesize: 6KB
MD5: 367d455001ffeccf78d6cdd464fca3f7
SHA1: 6c76a8195f8ac61989ff58d603673173887d82b9
SHA256: 4d7f4b9d1caf43ee2e31b7efc85ae3b5626790add59c06f911974f711ad807dd
SHA512: ad79e033d1e8700aea36cd78471a6b3939441c55ae31e7d3c54f51e9282047935ef25f28b40e3f0fd1acf3aa1d53cd8d84b379622fde5f6b1a3cea2445cebd3b

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 11KB
MD5: 7e7c6caa1bdbcf99921021d5079c00e1
SHA1: eaa438e01bea5f59f3942cba09bd29c90d4fc0d9
SHA256: c6456c7ecee308599ce3dff8067af7455094b46bb00bb5ad0bff9b338f21099f
SHA512: b4f688f68c28a959a1ee65390705f39db9e17db0038240259817266a26390201ce9345ea088d1e431242959fd18c13a7f1db14683763b2cd68f3955da594a529