Analysis
- max time kernel: 145s
- max time network: 129s
- platform: windows10-2004_x64
- resource: win10v2004-20240704-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 06/07/2024, 18:03
Static task: static1
Behavioral task: behavioral1
- Sample: 291aefe8538e4be3be5f9b1fdce57922_JaffaCakes118.html
- Resource: win7-20240704-en
Behavioral task: behavioral2
- Sample: 291aefe8538e4be3be5f9b1fdce57922_JaffaCakes118.html
- Resource: win10v2004-20240704-en
General
- Target: 291aefe8538e4be3be5f9b1fdce57922_JaffaCakes118.html
- Size: 1KB
- MD5: 291aefe8538e4be3be5f9b1fdce57922
- SHA1: 4ac6090934e3d2604e69368a8b85f9749d077867
- SHA256: 63cc43ecee3f308a94b7e86307fefb50e094bfb87251c8fbbf7779c6e95f0a02
- SHA512: b6447e3d5cdab56c9b0a3137c27e1cbe30efd47e87adbf856d61c8f647c582f97fb11eb46d133aceafb9ad279451bdddc6d1e9a45ba552670ed9401a2711325e
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  - PID 1120 msedge.exe (2 events)
  - PID 1632 msedge.exe (2 events)
  - PID 4108 identity_helper.exe (2 events)
  - PID 2616 msedge.exe (4 events)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
  - PID 1632 msedge.exe (all 8 events)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  - PID 1632 msedge.exe (all 25 events)
- Suspicious use of SendNotifyMessage (24 IoCs)
  - PID 1632 msedge.exe (all 24 events)
- Suspicious use of WriteProcessMemory (64 IoCs; all from PID 1632 msedge.exe, repeated writes to the same four targets)
  - PID 1632 wrote to memory of PID 3512 (procid_target 82)
  - PID 1632 wrote to memory of PID 3032 (procid_target 84)
  - PID 1632 wrote to memory of PID 1120 (procid_target 85)
  - PID 1632 wrote to memory of PID 1524 (procid_target 86)
Processes
- msedge.exe (PID 1632)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\291aefe8538e4be3be5f9b1fdce57922_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - msedge.exe (PID 3512), crashpad-handler, child of PID 1632
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc09346f8,0x7ffcc0934708,0x7ffcc0934718
  - msedge.exe (PID 3032), gpu-process, child of PID 1632
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,1688821658260963405,9983683689342842086,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2304 /prefetch:2
  - msedge.exe (PID 1120), utility (network.mojom.NetworkService), child of PID 1632
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,1688821658260963405,9983683689342842086,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 1524), utility (storage.mojom.StorageService), child of PID 1632
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,1688821658260963405,9983683689342842086,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2968 /prefetch:8
  - msedge.exe (PID 3952), renderer, child of PID 1632
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1688821658260963405,9983683689342842086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  - msedge.exe (PID 4820), renderer, child of PID 1632
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1688821658260963405,9983683689342842086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  - msedge.exe (PID 3896), renderer, child of PID 1632
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1688821658260963405,9983683689342842086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  - msedge.exe (PID 3172), renderer, child of PID 1632
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1688821658260963405,9983683689342842086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
  - identity_helper.exe (PID 2468), utility (winrt_app_id.mojom.WinrtAppIdService), child of PID 1632
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,1688821658260963405,9983683689342842086,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 /prefetch:8
  - identity_helper.exe (PID 4108), utility (winrt_app_id.mojom.WinrtAppIdService), child of PID 1632
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,1688821658260963405,9983683689342842086,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 2872), renderer, child of PID 1632
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1688821658260963405,9983683689342842086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  - msedge.exe (PID 4384), renderer (instant-process), child of PID 1632
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1688821658260963405,9983683689342842086,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  - msedge.exe (PID 2864), renderer, child of PID 1632
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1688821658260963405,9983683689342842086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  - msedge.exe (PID 2836), renderer (instant-process), child of PID 1632
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1688821658260963405,9983683689342842086,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  - msedge.exe (PID 2616), gpu-process (GPU sandbox disabled), child of PID 1632
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,1688821658260963405,9983683689342842086,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4032 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- CompPkgSrv.exe (PID 4940)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- CompPkgSrv.exe (PID 4900)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads