Analysis
max time kernel: 145s
max time network: 125s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
submitted: 17/06/2024, 11:24
Static task: static1
Behavioral task: behavioral1
  Sample: b85b723827fc9a890d9a87ba3dd1ac8f_JaffaCakes118.html
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: b85b723827fc9a890d9a87ba3dd1ac8f_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: b85b723827fc9a890d9a87ba3dd1ac8f_JaffaCakes118.html
Size: 141KB
MD5: b85b723827fc9a890d9a87ba3dd1ac8f
SHA1: bc40eec4a40b8742d105aeff9b052fa74b51025e
SHA256: 8b496705f8ed2489fdf3ab6fb17a7a240147e3e2d0869448582e6810db4315bd
SHA512: d4eb43952e6e2b57e7ebc62b2e0460f8e94407c0894d6add27c4244a408673fcdd2554bccc4ef48a34fca32862e288808e2f4286203da98571d18091f3983e44
SSDEEP: 1536:SDyCTpGxwHx76vuyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJA:SSxQx7dyfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  4472 | msedge.exe (2 entries)
  4004 | msedge.exe (2 entries)
  2892 | identity_helper.exe (2 entries)
  3696 | msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid | Process
  4004 | msedge.exe (6 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  4004 | msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  4004 | msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 4004 wrote to memory of 1704 | 4004 | msedge.exe | 81 (2 entries)
  PID 4004 wrote to memory of 4324 | 4004 | msedge.exe | 83 (repeated entries)
  PID 4004 wrote to memory of 4472 | 4004 | msedge.exe | 84 (2 entries)
  PID 4004 wrote to memory of 3964 | 4004 | msedge.exe | 85 (repeated entries)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b85b723827fc9a890d9a87ba3dd1ac8f_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  PID: 4004
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c04046f8,0x7ff8c0404708,0x7ff8c0404718
    PID: 1704
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,8952488344458772693,5165054101019241369,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
    PID: 4324
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,8952488344458772693,5165054101019241369,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
    PID: 4472
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,8952488344458772693,5165054101019241369,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2608 /prefetch:8
    PID: 3964
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8952488344458772693,5165054101019241369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
    PID: 2132
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8952488344458772693,5165054101019241369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
    PID: 3968
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,8952488344458772693,5165054101019241369,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4324 /prefetch:8
    PID: 2380
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,8952488344458772693,5165054101019241369,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4324 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
    PID: 2892
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8952488344458772693,5165054101019241369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
    PID: 3816
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8952488344458772693,5165054101019241369,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
    PID: 1928
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8952488344458772693,5165054101019241369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
    PID: 4208
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8952488344458772693,5165054101019241369,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4280 /prefetch:1
    PID: 1020
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,8952488344458772693,5165054101019241369,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4408 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
    PID: 3696
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2980
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4208
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: a8e767fd33edd97d306efb6905f93252
  SHA1: a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
  SHA256: c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
  SHA512: 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241
- Filesize: 152B
  MD5: 439b5e04ca18c7fb02cf406e6eb24167
  SHA1: e0c5bb6216903934726e3570b7d63295b9d28987
  SHA256: 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
  SHA512: d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2
- Filesize: 5KB
  MD5: ca1029442df521db648c47554fe06487
  SHA1: 9cedb505d3cb32fd0560c7e418c2a9a00a5742be
  SHA256: d8a80e4a3fecb4e6dee23c2c8ede93c79dc21319077762d6c4eec8b1b09b6276
  SHA512: c6b039a4e077d1607349a1e13510ecbd271fd9a8d23e2ef14ee87ef5540850f25fd17ab7a720701cb5f7366561a8a91d9678e3db5aaee0ef9f7b32f75c846522
- Filesize: 5KB
  MD5: 51da6976c686c17103b6d15ad44f2a54
  SHA1: 367f199a73a78ed30f99eb3d046dea5b7ee6f6d6
  SHA256: 0eb959093bf57be9c6ef1c6dfdfa8a5a0b3ac33df0cb6acf661d8397e0f8d080
  SHA512: 0df1ff050cbf8f158cef3769e9826e9facbc5958008f96b4687c4b60d19cdf55538461a2fe5dc2615134a3c83c3654690fd32b18ae84d51b04282c90d0b055d5
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 8KB
  MD5: 79ea9eb83860d6ef084e85a51ada032e
  SHA1: 8cc8cbab703b1495e62941286e54279ff42ffb09
  SHA256: 04de53e47b0773eeb7283d2466939145ab4486bd665ddb92b3b549c0ccb22966
  SHA512: 2b8542e24014cc8bedff474cd3c607814aa6e127b8da612a13eaa02a0e043abfef396f619553d2dd8392d54a21aeba64e3eb4c3b2fb323905dd042b6a4ec394a