Analysis
- max time kernel: 145s
- max time network: 138s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 20/06/2024, 04:37

Static task: static1

Behavioral task: behavioral1
- Sample: 02da865df84100bc5431345c382ed290_JaffaCakes118.html
- Resource: win7-20240611-en

Behavioral task: behavioral2
- Sample: 02da865df84100bc5431345c382ed290_JaffaCakes118.html
- Resource: win10v2004-20240611-en
General
- Target: 02da865df84100bc5431345c382ed290_JaffaCakes118.html
- Size: 20KB
- MD5: 02da865df84100bc5431345c382ed290
- SHA1: d1a5d2ece93a2b2a8646a7cf8811211ebcc6269e
- SHA256: 6e6ffa89d1d3be27c111d003abb8aafb2bd78845e05452e37629dcc712555d39
- SHA512: 5a21dc1548a7906c5f1a2151dff6714494bd91fafba2843ba6802ebfd341ded12a1571c06d47481c4b29a07be21d5dc00c967ffcab1459dffd97bee791a3db54
- SSDEEP: 384:aG0Kf86VBphqhhLIo8Pw9U719S69BMGZd2mdelqEhJ:d0KfvphChLIT7DNTMG/qLJ
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  460   msedge.exe (2 entries)
  4652  msedge.exe (2 entries)
  4348  identity_helper.exe (2 entries)
  3560  msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
  pid   Process
  4652  msedge.exe (all 8 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  4652  msedge.exe (all 25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  4652  msedge.exe (all 24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target
  PID 4652 wrote to memory of 4416  4652  msedge.exe  88
  PID 4652 wrote to memory of 3008  4652  msedge.exe  90
  PID 4652 wrote to memory of 460   4652  msedge.exe  91
  PID 4652 wrote to memory of 2572  4652  msedge.exe  92
  (the 64 entries are repeats of these four parent/child pairs; no other pairs appear)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4652)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\02da865df84100bc5431345c382ed290_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4416)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb18af46f8,0x7ffb18af4708,0x7ffb18af4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3008)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,11990611417041495607,3716526313237600774,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 460)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,11990611417041495607,3716526313237600774,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2572)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,11990611417041495607,3716526313237600774,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4820)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11990611417041495607,3716526313237600774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3692)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11990611417041495607,3716526313237600774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3192)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11990611417041495607,3716526313237600774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4560)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11990611417041495607,3716526313237600774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2856)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,11990611417041495607,3716526313237600774,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4348)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,11990611417041495607,3716526313237600774,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3272)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11990611417041495607,3716526313237600774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 396)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11990611417041495607,3716526313237600774,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1680)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11990611417041495607,3716526313237600774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4660)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11990611417041495607,3716526313237600774,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3560)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,11990611417041495607,3716526313237600774,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2716 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 2284)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 4080)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
  Filesize: 328B
  MD5: 964a80d6ac416d99d82a7581b859395d
  SHA1: d4bd8ed750ae2f463fb69676ec79bce062efadac
  SHA256: 32c6a076e44c1ca5ec29be1258eb0d8610acbdfb075fe90b5834efcde2bc0c11
  SHA512: d3da18a685cc8dc3b78bbc0442f174eec61fcfb74188a5320dad6ae9ffe8310604fb44507b6da9e8af6366f0f1e3f973d609ca00942f3817c6c6218aac29312d