Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel 145s
max time network 124s
platform windows10-2004_x64
resource win10v2004-20240508-en
resource tags arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
submitted 17/06/2024, 05:32
Static task
static1
Behavioral task
behavioral1
Sample
b6fe53aecacda961fb5db281eadc0988_JaffaCakes118.html
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
b6fe53aecacda961fb5db281eadc0988_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
Target b6fe53aecacda961fb5db281eadc0988_JaffaCakes118.html
Size 60KB
MD5 b6fe53aecacda961fb5db281eadc0988
SHA1 693147d5aaa2edad56a52ce2ebb26d2ef05b240f
SHA256 e969145f399592fee236db784f3c6db450efdbc766162581a0ded087560c5fcb
SHA512 bc79c2e9988a55aaee339194924435ced595e614dd141022983940a0b7ca7398738e3f9f78251fc27e5cb6a086a477df26ac8a2eb53ed7b59607f512ff013bfc
SSDEEP 1536:IWN4kshIjepQhPPN69Fc2dkpVcJgdsvljW7vzGttUQWDejTf8PWupKVhI0v/X26:xN4kshIjesN69Fc2dkpVc+dsvljW7vzw
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid | Process
3956 | msedge.exe (2 entries)
1892 | msedge.exe (2 entries)
1688 | identity_helper.exe (2 entries)
3008 | msedge.exe (4 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
pid | Process
1892 | msedge.exe (6 entries)
Suspicious use of FindShellTrayWindow 25 IoCs
pid | Process
1892 | msedge.exe (25 entries)
Suspicious use of SendNotifyMessage 24 IoCs
pid | Process
1892 | msedge.exe (24 entries)
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 1892 wrote to memory of 1240 | 1892 | msedge.exe | 82 (2 entries)
PID 1892 wrote to memory of 4468 | 1892 | msedge.exe | 83 (40 entries)
PID 1892 wrote to memory of 3956 | 1892 | msedge.exe | 84 (2 entries)
PID 1892 wrote to memory of 1100 | 1892 | msedge.exe | 85 (20 entries)
Processes
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b6fe53aecacda961fb5db281eadc0988_JaffaCakes118.html
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1892
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0xd8,0x7ff9b7db46f8,0x7ff9b7db4708,0x7ff9b7db4718
    PID:1240
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,8046205471414189606,3655484267538247762,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
    PID:4468
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,8046205471414189606,3655484267538247762,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
    PID:3956
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,8046205471414189606,3655484267538247762,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
    PID:1100
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8046205471414189606,3655484267538247762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
    PID:2512
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8046205471414189606,3655484267538247762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
    PID:2368
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,8046205471414189606,3655484267538247762,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4432 /prefetch:8
    PID:4856
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,8046205471414189606,3655484267538247762,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4432 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
    PID:1688
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8046205471414189606,3655484267538247762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
    PID:704
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8046205471414189606,3655484267538247762,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4264 /prefetch:1
    PID:3272
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8046205471414189606,3655484267538247762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
    PID:4896
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8046205471414189606,3655484267538247762,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
    PID:1824
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,8046205471414189606,3655484267538247762,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5448 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
    PID:3008
Path: C:\Windows\System32\CompPkgSrv.exe
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:4536
Path: C:\Windows\System32\CompPkgSrv.exe
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:3552
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize 152B
MD5 ce4c898f8fc7601e2fbc252fdadb5115
SHA1 01bf06badc5da353e539c7c07527d30dccc55a91
SHA256 bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
SHA512 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c
-
Filesize 152B
MD5 4158365912175436289496136e7912c2
SHA1 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
SHA256 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
SHA512 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b
-
Filesize 5KB
MD5 67ef42afb739093a3327186ea0640eb7
SHA1 107e02d9542efda141d14fce2ce9469d4eeec871
SHA256 e32142d3cbec7edecf1b187668e231d512b5ff89afd52d30e595e8c20fd270cf
SHA512 075020bd579695bfbfdb4d3e78afe3790a9c307a03da3722c22c30161519a45236dd236bc9f66625b0af022e167d8770b7bafc00f404a4bcc48df7d916187df4
-
Filesize 6KB
MD5 b7712615fd607ca471b8c35b81b8e0be
SHA1 4d76719b986450f03cae6250ae24d635082c36e3
SHA256 f73d1ffdd7e7382a4cb06c249d1f27534467b34a8606718776db532b6ce8023a
SHA512 6e9abfc5354baf7b918cf53067d73361b149c599698ff144989417d533013f241813eccd1de2c22cdd3e4e17971651751f4c6fa4910e47f3202f94cdc9f08578
-
Filesize 16B
MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize 8KB
MD5 46fd16090b4ced5abacf3c9ab61e9fc3
SHA1 2b7aa2f8389790e265de120620bb974b32e8ca5e
SHA256 1df86a645c780377a10a6c22b83ca5c440f5f53a9ed3f850a280c77a0d8d2db2
SHA512 a974dd615688342350add3b09efce7f6c12689deb5252ade976f9d2b9a1504fbf482c925cd6b8f3e43ff8bbd7b4c4826c62d39155d5cd9f578ab320cae050c9e