Analysis
- max time kernel: 145s
- max time network: 133s
- platform: windows10-2004_x64
- resource: win10v2004-20240704-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 09/07/2024, 10:28
Static task: static1
Behavioral task: behavioral1
- Sample: 3003277aec0cf7e5fe92b76946b4244e_JaffaCakes118.html
- Resource: win7-20240708-en
Behavioral task: behavioral2
- Sample: 3003277aec0cf7e5fe92b76946b4244e_JaffaCakes118.html
- Resource: win10v2004-20240704-en
General
- Target: 3003277aec0cf7e5fe92b76946b4244e_JaffaCakes118.html
- Size: 31KB
- MD5: 3003277aec0cf7e5fe92b76946b4244e
- SHA1: 2f44326f37eba02501107adcd55df8727b00dcfe
- SHA256: 4531cd559448acdd8ddf734f9343a81a1658f6fbb0f50367afa42ae3fe6744c1
- SHA512: 2a05ad44a3ebf8e4bac53170b446c01c557dacc71130ce1ef3680f56aa4201daa2eb9a9661fca646e085ad14e86eae8367ed75b65131fb44150ae24c9a7a284f
- SSDEEP: 192:uwTT1b5n3w0AnQjxn5Q/HnQieuNnqBInQOkEntptnQTbnFnQmSfxkAgTON2SzUNb:fQ/QFIxkAgm2S81Cs
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  The querying process is the Edge browser itself; no process spawned by the sample touches these keys.
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   process              entries
  3664  msedge.exe           2
  4912  msedge.exe           2
  2968  identity_helper.exe  2
  4084  msedge.exe           4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   process     entries
  4912  msedge.exe  6
  This fires on the browser process creating its child processes with the block-non-Microsoft-binaries mitigation policy enabled, a Chromium sandbox setting rather than an action of the page content.
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   process     entries
  4912  msedge.exe  25
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   process     entries
  4912  msedge.exe  24
- Suspicious use of WriteProcessMemory (64 IoCs)
  source pid  source process  target pid  procid_target
  4912        msedge.exe      3276        82
  4912        msedge.exe      628         83
  4912        msedge.exe      3664        84
  4912        msedge.exe      3624        85
  The raw table repeats each pair many times (64 entries in total). Every entry has the browser process (PID 4912) as the writer and one of its own children as the target; in the process list below those targets are the crashpad handler (3276), the GPU process (628), the network service (3664) and the storage service (3624). Writing into freshly created child processes is how Chromium's browser process initialises its helpers, so this is not injection into a foreign process.
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4912)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3003277aec0cf7e5fe92b76946b4244e_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3276)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9336646f8,0x7ff933664708,0x7ff933664718
    (The crashpad annotations give the browser build in this image: Edge 92.0.902.67 on Chromium 92.0.4515.131.)
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 628)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,279149778302358606,5661141267991615582,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3664)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,279149778302358606,5661141267991615582,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3624)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,279149778302358606,5661141267991615582,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1896)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,279149778302358606,5661141267991615582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1052)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,279149778302358606,5661141267991615582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 880)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,279149778302358606,5661141267991615582,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2968)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,279149778302358606,5661141267991615582,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3332)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,279149778302358606,5661141267991615582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5112)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,279149778302358606,5661141267991615582,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2776)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,279149778302358606,5661141267991615582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4428)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,279149778302358606,5661141267991615582,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4280 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4084)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,279149778302358606,5661141267991615582,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2496 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 1096)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 2096)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
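The WriteProcessMemory signature above and the process list it refers to are only meaningful together: a write from the browser process into a helper it has just spawned is routine, a write into anything else is not. The following script is an added triage helper, not part of the tria.ge report or of any Microsoft or Chromium code. It parses the flattened "PID X wrote to memory of Y" rows into deduplicated parent-to-child edges, derives each target's role from the `--type=` / `--utility-sub-type=` flags on its command line, and flags any edge whose writer is not the browser process or whose target is not a known Edge child. The sample rows and the trimmed command lines embedded below are constructed from the report's own values; the path `C:\Users\Admin\AppData\Local\Temp\sample.html` stands in for the real sample path.

```python
import re
from collections import Counter

# Constructed sample: a subset of the report's "Suspicious use of
# WriteProcessMemory" rows, in the flattened form the page shows.
WPM_TEXT = (
    "PID 4912 wrote to memory of 3276 4912 msedge.exe 82 "
    "PID 4912 wrote to memory of 3276 4912 msedge.exe 82 "
    "PID 4912 wrote to memory of 628 4912 msedge.exe 83 "
    "PID 4912 wrote to memory of 628 4912 msedge.exe 83 "
    "PID 4912 wrote to memory of 3664 4912 msedge.exe 84 "
    "PID 4912 wrote to memory of 3624 4912 msedge.exe 85 "
)

# Constructed sample: pid -> command line, trimmed from the report's process list.
EDGE = r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"'
PROCESSES = {
    4912: EDGE + r" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html",
    3276: EDGE + " --type=crashpad-handler /prefetch:7",
    628: EDGE + " --type=gpu-process --mojo-platform-channel-handle=2152 /prefetch:2",
    3664: EDGE + " --type=utility --utility-sub-type=network.mojom.NetworkService /prefetch:3",
    3624: EDGE + " --type=utility --utility-sub-type=storage.mojom.StorageService /prefetch:8",
    1096: r"C:\Windows\System32\CompPkgSrv.exe -Embedding",
}

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")


def parse_write_entries(text):
    """Collapse the repeated 'wrote to memory of' rows into a Counter keyed by
    (source pid, source image, target pid, procid_target)."""
    edges = Counter()
    for src, dst, src_again, image, target in WPM_RE.findall(text):
        if src != src_again:  # the report repeats the source pid; skip malformed rows
            continue
        edges[(int(src), image, int(dst), int(target))] += 1
    return edges


def process_role(cmdline):
    """Name a Chromium process by its --type flag. No --type flag on an Edge
    image means the browser (parent) process; a non-Edge image is 'other'."""
    if "msedge.exe" not in cmdline.lower():
        return "other"
    m = re.search(r"--type=(\S+)", cmdline)
    if not m:
        return "browser"
    sub = re.search(r"--utility-sub-type=(\S+)", cmdline)
    return f"{m.group(1)}:{sub.group(1)}" if sub else m.group(1)


def classify_writes(edges, processes):
    """Mark a write as an expected child launch only when the writer is the
    browser process and the target is one of its --type children. Unknown
    targets, non-Edge targets and child-to-anything writes are flagged."""
    rows = []
    for (src, image, dst, target), count in sorted(edges.items()):
        src_role = process_role(processes.get(src, ""))
        dst_role = process_role(processes.get(dst, ""))
        expected = src_role == "browser" and dst_role not in ("browser", "other")
        rows.append({
            "src": src, "image": image, "dst": dst, "procid_target": target,
            "dst_role": dst_role, "count": count,
            "verdict": "expected-child-launch" if expected else "review",
        })
    return rows


if __name__ == "__main__":
    for row in classify_writes(parse_write_entries(WPM_TEXT), PROCESSES):
        print(row)
```

Run against the full 64-row table and the complete process list, every edge resolves to "expected-child-launch"; the "review" verdict is reserved for a target PID that is absent from the tree, belongs to a non-Edge image, or is written to by something other than the browser process.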
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: e1fe3a26bd35b84102bb4203f31e74c7
  SHA1: 45fdfa8433789b575eb64e116718e62e0e0cf4a0
  SHA256: 26e0d51529de906dd285ba48288e25eaf5213c0f0bab9bc5f119ecbc5e1b93ee
  SHA512: d528db2e9b917d4fbe24b1b5c6f4cb274f4f91c84f63e5119e041fa89ae0cd01a370e314f8b6aca9d6fa958e79feabc720f4b54b3d8aed69aab11fa84cad36bd
- Filesize: 152B
  MD5: 2915233ace3b11bc8898c958f245aa9a
  SHA1: 68c6aa983da303b825d656ac3284081db682f702
  SHA256: b2cb442f2ca27619c8df087f56fcbbb53186c53f8fd131af886ee3712220477e
  SHA512: e3f1b70d39b615e212f84d587ee816598236ee6ce144d919593894fcce4a0900343a9e8b837a0d1bd10921fff1c976c84c4a570eda776fe84d374a69e7a54890
- Filesize: 6KB
  MD5: 4b76d8913ba837052babde499224d264
  SHA1: e092fef0fd010255d80e020ad81007b4597cf3ef
  SHA256: 16050e82d500173067330818778a8f8632e00a2c72592c0a57455fcb39488db2
  SHA512: 728213e44646311ec5478cb574701aefbe20416c45ee37a907856f587d302c364ca08b375f3c9d1c24e8fe0968897cbad23934715cecd1aeedd41fccb7f93a37
- Filesize: 6KB
  MD5: 6b18e8dd7c8ae56a96fab032b9c290c4
  SHA1: 2d90e616bb21d790cffecb9f98cffcd0bff51033
  SHA256: 7e72a55accb98f97bbd75a467193dc69d48fffd08a1bec1c9d86f5c098b7d70c
  SHA512: 22b54eb1ede1ed6bd5545198be92b882b1d86b0e6d86d80d21afc7f92318dfe4521e7167a4fb37919a20d41aa256d07a336acce62e02b1561adec70673f07085
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: 7a430764ce1eaabb23bbb857e1985690
  SHA1: 3edd841b984c58c846376646d34651c9f5742585
  SHA256: 7169b8933af1a38e87206c4aed15fab1f87fe7f4b6f15ccc2b0ca02b1166d767
  SHA512: 69257b0b708c44741de81fc8581b7f48f33ea3257947927a7e8c61e30b66929f0e54bd62b69dc862ce055275ccb86a4371dcbdf5eb0b3903e23dc04ac5fabdff