Analysis
max time kernel:  145s
max time network: 143s
platform:         windows10-2004_x64
resource:         win10v2004-20240611-en
resource tags:    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted:        16/06/2024, 18:20
Static task: static1
Behavioral task: behavioral1
  Sample:   b487e8585c00b989386e4847804e6d92_JaffaCakes118.html
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample:   b487e8585c00b989386e4847804e6d92_JaffaCakes118.html
  Resource: win10v2004-20240611-en
General
Target: b487e8585c00b989386e4847804e6d92_JaffaCakes118.html
Size:   71KB
MD5:    b487e8585c00b989386e4847804e6d92
SHA1:   6a11033343fc94ff1656b12772f5249b2de09c8c
SHA256: a14ddac41ca34790bd971e71e65208e90762754e031e9a69023b7eb57718b8a7
SHA512: 4bab44bb2ec558af6eced1505d96e3328998232c1fc30b1dec61a829a8082a3fdd8b65a8fc08014c4979cd2e2932084ad11db8f1f17d110bd451ec5af109a972
SSDEEP: 768:JiogcMiR3sI2PDDnX0g6se6P4mLgSoTyS1wCZkoTyMdtbBnfBgN8/lboi2hcpQFf:JovlLgbTzNen0tbrga94hcuNnQC
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                    Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid   Process
1152  msedge.exe
1152  msedge.exe
2604  msedge.exe
2604  msedge.exe
3960  identity_helper.exe
3960  identity_helper.exe
4248  msedge.exe
4248  msedge.exe
4248  msedge.exe
4248  msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid   Process
2604  msedge.exe
2604  msedge.exe
2604  msedge.exe
2604  msedge.exe
2604  msedge.exe
2604  msedge.exe

Suspicious use of FindShellTrayWindow (25 IoCs, all from pid 2604 msedge.exe)

Suspicious use of SendNotifyMessage (24 IoCs, all from pid 2604 msedge.exe)

Suspicious use of WriteProcessMemory (64 IoCs; pid 2604 msedge.exe wrote to the memory of its child processes 4568, 2000, 1152 and 3612)
Processes

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b487e8585c00b989386e4847804e6d92_JaffaCakes118.html
  PID: 2604
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff82b7446f8,0x7ff82b744708,0x7ff82b744718
      PID: 4568

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,5430470658776498146,13839155743834587555,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
      PID: 2000

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,5430470658776498146,13839155743834587555,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
      PID: 1152
      - Suspicious behavior: EnumeratesProcesses

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,5430470658776498146,13839155743834587555,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
      PID: 3612

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5430470658776498146,13839155743834587555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
      PID: 4428

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5430470658776498146,13839155743834587555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
      PID: 3380

    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,5430470658776498146,13839155743834587555,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8
      PID: 3952

    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,5430470658776498146,13839155743834587555,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8
      PID: 3960
      - Suspicious behavior: EnumeratesProcesses

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5430470658776498146,13839155743834587555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
      PID: 2944

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5430470658776498146,13839155743834587555,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
      PID: 4884

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5430470658776498146,13839155743834587555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
      PID: 2392

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5430470658776498146,13839155743834587555,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
      PID: 2744

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,5430470658776498146,13839155743834587555,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2772 /prefetch:2
      PID: 4248
      - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4180

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4596
Network
MITRE ATT&CK Enterprise v15
Downloads