Analysis
max time kernel: 145s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 16/06/2024, 21:02
Static task: static1
Behavioral task: behavioral1
  Sample: b5302c62955d60701caedf69f864c7dd_JaffaCakes118.html
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: b5302c62955d60701caedf69f864c7dd_JaffaCakes118.html
  Resource: win10v2004-20240611-en
General
Target: b5302c62955d60701caedf69f864c7dd_JaffaCakes118.html
Size: 141KB
MD5: b5302c62955d60701caedf69f864c7dd
SHA1: 323aff8eacaa416295b2b04fa2e28452761120d6
SHA256: d8ff4ccf101bcd6c1e578cc93d99565dbd248fe4e26e9e2327e95c7bdd8b4bb0
SHA512: 7702ebd88ea6488683077327a73ead79da9053b7c83ea713febb7a3f9d10b06a7410fd655522f87768eac9a0414b5a5a0614442a56bcc3ca7963a497794d98a4
SSDEEP: 3072:PwXK/OQrDOZg8YWLSSKoUQJMsgLxl6FxJ:VWQA
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  3312  msedge.exe
  3312  msedge.exe
  5568  msedge.exe
  5568  msedge.exe
  5496  identity_helper.exe
  5496  identity_helper.exe
  4392  msedge.exe
  4392  msedge.exe
  4392  msedge.exe
  4392  msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
  pid   Process
  5568  msedge.exe (9 occurrences)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  5568  msedge.exe (25 occurrences)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  5568  msedge.exe (24 occurrences)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description                 pid   Process     procid_target
  PID 5568 wrote to memory of 4052  5568  msedge.exe  81  (2 occurrences)
  PID 5568 wrote to memory of 4452  5568  msedge.exe  82  (40 occurrences)
  PID 5568 wrote to memory of 3312  5568  msedge.exe  83  (2 occurrences)
  PID 5568 wrote to memory of 5536  5568  msedge.exe  84  (20 occurrences)
Processes
PID 5568  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b5302c62955d60701caedf69f864c7dd_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  Child processes of PID 5568:
  PID 4052  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb53f46f8,0x7ffbb53f4708,0x7ffbb53f4718
  PID 4452  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,5518857663220014606,9716428647761665927,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  PID 3312  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,5518857663220014606,9716428647761665927,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  PID 5536  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,5518857663220014606,9716428647761665927,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  PID 6036  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5518857663220014606,9716428647761665927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  PID 804   "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5518857663220014606,9716428647761665927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  PID 3716  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5518857663220014606,9716428647761665927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1808 /prefetch:1
  PID 1628  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5518857663220014606,9716428647761665927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1804 /prefetch:1
  PID 2532  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5518857663220014606,9716428647761665927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  PID 8     "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,5518857663220014606,9716428647761665927,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3472 /prefetch:8
  PID 5496  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,5518857663220014606,9716428647761665927,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3472 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  PID 5296  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5518857663220014606,9716428647761665927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
  PID 1868  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5518857663220014606,9716428647761665927,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  PID 824   "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5518857663220014606,9716428647761665927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  PID 1384  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5518857663220014606,9716428647761665927,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
  PID 4392  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,5518857663220014606,9716428647761665927,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4808 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
PID 5620  C:\Windows\System32\CompPkgSrv.exe -Embedding
PID 5364  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads