Analysis
- max time kernel: 149s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240704-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 04/07/2024, 20:44
Static task: static1
Behavioral task: behavioral1
- Sample: 26262a55e726276c84c4e33ad5240420_JaffaCakes118.html
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 26262a55e726276c84c4e33ad5240420_JaffaCakes118.html
- Resource: win10v2004-20240704-en
General
- Target: 26262a55e726276c84c4e33ad5240420_JaffaCakes118.html
- Size: 5KB
- MD5: 26262a55e726276c84c4e33ad5240420
- SHA1: 30d08591f72986c100b1385120a86aeb51890075
- SHA256: a3cf93a32c9044d7b07ed5d1be2bb443a5ca46e69d4635c19d040a7fd8286972
- SHA512: fb727479746973f9235816eeea356196402c213210b5f4400adb25f33a59ba35b721fab97416cf78eac1c3b74854465fb570a3b065013afa7fc74e667ca6be71
- SSDEEP: 96:1IPyCQ6oISUKzvehCZGaXbrI/zvXdC+ioAaKLah3xVFBcD:1Ie6XS47aXb4zea1q
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description       | ioc                                                                   | Process
  Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid  | Process             | entries
  1384 | msedge.exe          | 2
  4984 | msedge.exe          | 2
  1032 | identity_helper.exe | 2
  904  | msedge.exe          | 4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid  | Process    | entries
  4984 | msedge.exe | 6
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid  | Process    | entries
  4984 | msedge.exe | 25
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid  | Process    | entries
  4984 | msedge.exe | 24
- Suspicious use of WriteProcessMemory (64 IoCs; the report repeats each row below many times, 64 entries in total)
  description                      | pid  | Process    | procid_target
  PID 4984 wrote to memory of 4396 | 4984 | msedge.exe | 80
  PID 4984 wrote to memory of 3116 | 4984 | msedge.exe | 82
  PID 4984 wrote to memory of 1384 | 4984 | msedge.exe | 83
  PID 4984 wrote to memory of 2784 | 4984 | msedge.exe | 84
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4984)
  command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\26262a55e726276c84c4e33ad5240420_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4396)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd47a246f8,0x7ffd47a24708,0x7ffd47a24718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3116)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,10522201617012146279,4590526992551835159,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1384)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,10522201617012146279,4590526992551835159,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2468 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2784)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,10522201617012146279,4590526992551835159,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2980 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3024)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10522201617012146279,4590526992551835159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3068)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10522201617012146279,4590526992551835159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2248)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,10522201617012146279,4590526992551835159,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1032)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,10522201617012146279,4590526992551835159,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1036)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10522201617012146279,4590526992551835159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1084)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10522201617012146279,4590526992551835159,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1492)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10522201617012146279,4590526992551835159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3464)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10522201617012146279,4590526992551835159,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 904)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,10522201617012146279,4590526992551835159,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1128 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 4212)
  command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 1748)
  command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: f0f818d52a59eb6cf9c4dd2a1c844df9
  SHA1: 26afc4b28c0287274624690bd5bd4786cfe11d16
  SHA256: 58c0beea55fecbeded2d2c593473149214df818be1e4e4a28c97171dc8179d61
  SHA512: 7e8a1d3a6c8c9b0f1ac497e509e9edbe9e121df1df0147ce4421b8cf526ad238bd146868e177f9ce02e2d8f99cf7bb9ce7db4a582d487bbc921945211a977509
- Filesize: 152B
  MD5: 0331fa75ac7846bafcf885ea76d47447
  SHA1: 5a141ffda430e091153fefc4aa36317422ba28ae
  SHA256: 64b4b2e791644fc04f164ecd13b8b9a3e62669896fb7907bf0a072bbeebaf74a
  SHA512: f8b960d38d73cf29ce17ea409ef6830cae99d7deafaf2ff59f8347120d81925ff16e38faaa0f7f4c39936472d05d1d131df2a8a383351f138c38afb21c1a60e2
- Filesize: 6KB
  MD5: 4387cf01fe4630f3c0daa810c2cc11ae
  SHA1: ac6a960b297fabb8efab8dc298f22812a968c33f
  SHA256: 39b786e6635f441831e6b727eb99b88bca1cacfa1b357c7a341f87f13a7fc88c
  SHA512: 540892742b7d33ed7dca169059600a6cb5c8a16528d90248f6f165bbdf0c2abba2a42da2ef75c73335e4f1d92c719ecfe4a3488a5a317da76adc2bf633abf53b
- Filesize: 6KB
  MD5: 71da4ba62677f6dceda10f0c2ef6fca0
  SHA1: 1270aa0d3a7f22580e6c51e6e3a2002e432348c2
  SHA256: a40101b20c68e8a4239352ebcf8ba75e21b703cb9358645f29f85bf86168517e
  SHA512: a4e99b598179259d4b3d3bc2ff5fa3a636df93203f2ccdb54da8d398579024e23ee7bdbcf57dbdd9b40098c64d0c374c39b53edb7fcbae7ad88e896088d3d180
- Filesize: 16B
  MD5: 206702161f94c5cd39fadd03f4014d98
  SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
- Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
- Filesize: 11KB
  MD5: 0c8d6e4cfe666280c7f828c9e233a246
  SHA1: ed847f8933637f1783d023f4c34290570c9ba7a3
  SHA256: 6ff7a3405c56c1d78fcf5400b992c3c03ae7be8be606d1c282cbfde4553fa412
  SHA512: 6acde36ffe4ef57657da63a3594ef5f60b7fa773bbc6a11212b5d797903487c774c5baa5a5c271c2cd2976c060256b87ee4d73ec0ce8108ae65fb1682daba787