Analysis
max time kernel
145s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
submitted
24/06/2024, 07:23
Static task
static1
Behavioral task
behavioral1
Sample
072ace9b988b5e07b5f4360f5d13fee0_JaffaCakes118.html
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
072ace9b988b5e07b5f4360f5d13fee0_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
Target
072ace9b988b5e07b5f4360f5d13fee0_JaffaCakes118.html
Size
58KB
MD5
072ace9b988b5e07b5f4360f5d13fee0
SHA1
86a1a06836457c5a1236b48ccf88a669816a2919
SHA256
1a2f3b37b2b91e164bf4cd79e26af43ee48760f3458ea75252151856401ca7db
SHA512
d9acf6bade134a84e0e6023e5d07d97d8781705156beff518e1a1872f69a71954b52e3e46390f41d8239469cd8fb158c8d6b14f886c8820145f4b618a3733679
SSDEEP
1536:gQZBCCOdo0IxC0PEOftfwzfrxf8fcf/fifZfFfwfEfLfVfcfLfxfdflftfpfEf2H:gk2e0IxbF4z1UEnKxtIsDd0DplNVB8uH
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
description        ioc                                                                    Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid   Process
620   msedge.exe
620   msedge.exe
4876  msedge.exe
4876  msedge.exe
1788  identity_helper.exe
1788  identity_helper.exe
3468  msedge.exe
3468  msedge.exe
3468  msedge.exe
3468  msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
pid   Process
4876  msedge.exe
4876  msedge.exe
4876  msedge.exe
4876  msedge.exe
4876  msedge.exe
4876  msedge.exe
4876  msedge.exe
Suspicious use of FindShellTrayWindow 25 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\072ace9b988b5e07b5f4360f5d13fee0_JaffaCakes118.html
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4876

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff12ef46f8,0x7fff12ef4708,0x7fff12ef4718
  PID:4628

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,8549480411928284635,17307044948783578280,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  PID:3212

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,8549480411928284635,17307044948783578280,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses
  PID:620

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,8549480411928284635,17307044948783578280,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  PID:1112

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8549480411928284635,17307044948783578280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  PID:5008

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8549480411928284635,17307044948783578280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  PID:2352

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8549480411928284635,17307044948783578280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4232 /prefetch:1
  PID:4020

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,8549480411928284635,17307044948783578280,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:8
  PID:1668

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,8549480411928284635,17307044948783578280,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses
  PID:1788

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8549480411928284635,17307044948783578280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  PID:768

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8549480411928284635,17307044948783578280,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  PID:1468

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8549480411928284635,17307044948783578280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  PID:4400

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8549480411928284635,17307044948783578280,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  PID:3140

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,8549480411928284635,17307044948783578280,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6056 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses
  PID:3468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:4104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:4732
Network
MITRE ATT&CK Enterprise v15
Downloads