Analysis
- max time kernel: 145s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20240709-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 10/07/2024, 10:44
Static task
- static1
Behavioral task
- behavioral1: sample 3465ab215ac057d24500bd13b4fcab60_JaffaCakes118.html, resource win7-20240704-en
Behavioral task
- behavioral2: sample 3465ab215ac057d24500bd13b4fcab60_JaffaCakes118.html, resource win10v2004-20240709-en (the run reported on this page)
General
- Target: 3465ab215ac057d24500bd13b4fcab60_JaffaCakes118.html
- Size: 34KB
- MD5: 3465ab215ac057d24500bd13b4fcab60
- SHA1: 6723b72961ad62364efc0aeb3d7ea143a4a70011
- SHA256: 60b8894822578279521a06ef594eedee1a4d41239ac803cdfb224adf97a3dae9
- SHA512: 51b98b895a03c5361306b59e281dd561b083e7d35499253f0a962c4eb61ba2463e20f47d640fb6ebd156303b5c488ab427967473ccb2d83fe1ff093751a085e8
- SSDEEP: 192:uWTvb5n3cRLnQjxn5Q/3nQie+NnEnQOkEnt59nQTbnFnQCXCGArw26k5195+Z6mx:jQ/v1tw12JhGTRTpzqOW
Malware Config
- No configuration was extracted for this sample.
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | process | occurrences
  4988 | msedge.exe | 2
  5048 | msedge.exe | 2
  3912 | identity_helper.exe | 2
  764 | msedge.exe | 4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid | process | occurrences
  5048 | msedge.exe | 6
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | process | occurrences
  5048 | msedge.exe | 25
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | process | occurrences
  5048 | msedge.exe | 24
- Suspicious use of WriteProcessMemory (64 IoCs; the 64 rows repeat these four distinct writer/target pairs)
  description | pid | process | procid_target
  PID 5048 wrote to memory of 3820 | 5048 | msedge.exe | 83
  PID 5048 wrote to memory of 1008 | 5048 | msedge.exe | 86
  PID 5048 wrote to memory of 4988 | 5048 | msedge.exe | 87
  PID 5048 wrote to memory of 2636 | 5048 | msedge.exe | 88
Processes
All of the flagged processes belong to Edge itself: one browser process (PID 5048) and its crashpad handler, GPU, network-service, storage-service, renderer and identity_helper children, plus two COM-activated (-Embedding) CompPkgSrv.exe instances at top level. No process outside the browser's install directory is spawned from the browser tree, and every WriteProcessMemory event goes from 5048 into a child it launched (3820, 1008, 4988, 2636), which is how Chromium's browser process bootstraps its sandboxed children.
- msedge.exe, PID 5048 (top level)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3465ab215ac057d24500bd13b4fcab60_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - msedge.exe, PID 3820 (child of 5048)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90f5246f8,0x7ff90f524708,0x7ff90f524718
  - msedge.exe, PID 1008 (child of 5048)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,6627837182882321904,11289930295998652360,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  - msedge.exe, PID 4988 (child of 5048)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,6627837182882321904,11289930295998652360,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe, PID 2636 (child of 5048)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,6627837182882321904,11289930295998652360,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  - msedge.exe, PID 1804 (child of 5048)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6627837182882321904,11289930295998652360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  - msedge.exe, PID 3284 (child of 5048)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6627837182882321904,11289930295998652360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  - identity_helper.exe, PID 3252 (child of 5048)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,6627837182882321904,11289930295998652360,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 /prefetch:8
  - identity_helper.exe, PID 3912 (child of 5048)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,6627837182882321904,11289930295998652360,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe, PID 2796 (child of 5048)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6627837182882321904,11289930295998652360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  - msedge.exe, PID 1688 (child of 5048)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6627837182882321904,11289930295998652360,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  - msedge.exe, PID 2276 (child of 5048)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6627837182882321904,11289930295998652360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1
  - msedge.exe, PID 1644 (child of 5048)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6627837182882321904,11289930295998652360,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  - msedge.exe, PID 764 (child of 5048)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,6627837182882321904,11289930295998652360,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5380 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- CompPkgSrv.exe, PID 1556 (top level)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- CompPkgSrv.exe, PID 2012 (top level)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
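The signatures above fire on what a Chromium-based browser does at every start: the browser process writes bootstrap data into each sandboxed child it launches (the WriteProcessMemory rows), and Edge reads the BIOS manufacturer and product keys for its own hardware information, although the same keys are a classic virtual-machine check when a non-browser process reads them. The useful triage question for an HTML sample is therefore not "did these signatures fire" but "did anything deviate from the browser's own process tree". The following script is an added example written for this page, not code from the report or from tria.ge. It transcribes the process tree and the signature IoCs above into constructed Python lists (the tree's depth numbers stand in for the report's indentation, the command lines are abbreviated, and the report's own wording is used for the IoC lines) and runs three checks: a child of a browser process whose image is not in Edge's install directory, a WriteProcessMemory target that is not a direct child of the writer, and a BIOS registry read by a process that is not a browser binary. The SYNTHETIC_* inputs add a hypothetical PowerShell child, a cross-tree write and a registry read that are not in the report, purely to show what a finding looks like; all PIDs and paths in them are invented.

```python
"""Triage checks over a sandbox report's process tree and signature IoCs.
Added example, not code from the report or from tria.ge. REPORT_TREE and the
*_IOCS lists are transcribed from the report above; SYNTHETIC_* add a constructed
finding (a shell spawned from a renderer) that the report does NOT contain."""
import re

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application"
# (depth, pid, image, abbreviated args): a depth-n row is a child of the nearest depth-(n-1) row above it.
REPORT_TREE = [
    (1, 5048, EDGE + r"\msedge.exe", "--single-argument ...JaffaCakes118.html"),
    (2, 3820, EDGE + r"\msedge.exe", "--type=crashpad-handler"),
    (2, 1008, EDGE + r"\msedge.exe", "--type=gpu-process"),
    (2, 4988, EDGE + r"\msedge.exe", "--type=utility network.mojom.NetworkService"),
    (2, 2636, EDGE + r"\msedge.exe", "--type=utility storage.mojom.StorageService"),
    (2, 1804, EDGE + r"\msedge.exe", "--type=renderer"),
    (2, 3284, EDGE + r"\msedge.exe", "--type=renderer"),
    (2, 3252, EDGE + r"\92.0.902.67\identity_helper.exe", "--type=utility"),
    (2, 3912, EDGE + r"\92.0.902.67\identity_helper.exe", "--type=utility"),
    (2, 2796, EDGE + r"\msedge.exe", "--type=renderer"),
    (2, 1688, EDGE + r"\msedge.exe", "--type=renderer --instant-process"),
    (2, 2276, EDGE + r"\msedge.exe", "--type=renderer"),
    (2, 1644, EDGE + r"\msedge.exe", "--type=renderer --instant-process"),
    (2, 764, EDGE + r"\msedge.exe", "--type=gpu-process --disable-gpu-sandbox"),
    (1, 1556, r"C:\Windows\System32\CompPkgSrv.exe", "-Embedding"),
    (1, 2012, r"C:\Windows\System32\CompPkgSrv.exe", "-Embedding"),
]
# IoCs in the report's wording; its 64 WriteProcessMemory rows collapse to these four targets.
WRITE_IOCS = ["PID 5048 wrote to memory of 3820 5048 msedge.exe 83",
              "PID 5048 wrote to memory of 1008 5048 msedge.exe 86",
              "PID 5048 wrote to memory of 4988 5048 msedge.exe 87",
              "PID 5048 wrote to memory of 2636 5048 msedge.exe 88"]
BIOS = r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS"
REGISTRY_IOCS = [f"Key opened {BIOS} msedge.exe",
                 f"Key value queried {BIOS}\\SystemManufacturer msedge.exe",
                 f"Key value queried {BIOS}\\SystemProductName msedge.exe"]
# Constructed negative case (hypothetical PIDs and paths, NOT in the report).
PS_EXE = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SYNTHETIC_TREE = REPORT_TREE[:7] + [(3, 6100, PS_EXE, "-enc ...")] + REPORT_TREE[7:]
SYNTHETIC_WRITES = WRITE_IOCS + ["PID 3284 wrote to memory of 1556 3284 msedge.exe 90"]
SYNTHETIC_REGISTRY = REGISTRY_IOCS + [f"Key value queried {BIOS}\\SystemManufacturer powershell.exe"]

WRITE_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) \d+")
REG_RE = re.compile(r"Key (?:opened|value queried) (\S+) (\S+)")


def build_tree(rows):
    """Map pid -> (parent_pid, image, args) from the depth-ordered rows."""
    tree, stack = {}, []                # stack = ancestor chain, one pid per depth
    for depth, pid, image, args in rows:
        del stack[depth - 1:]           # pop back to this row's parent level
        tree[pid] = (stack[-1] if stack else None, image, args)
        stack.append(pid)
    return tree


def under(path, directory):
    return path.lower().startswith(directory.lower() + "\\")


def unexpected_children(tree, browser_dir=EDGE):
    """Children of a browser process whose image is not one of the browser's own."""
    return [(parent, pid, image) for pid, (parent, image, _) in tree.items()
            if parent is not None and under(tree[parent][1], browser_dir)
            and not under(image, browser_dir)]


def cross_tree_writes(ioc_lines, tree):
    """WriteProcessMemory events whose target is not a direct child of the writer.
    Chromium's browser process writes bootstrap data into each child it launches;
    a write into an unrelated process is an injection indicator."""
    hits = []
    for line in ioc_lines:
        m = WRITE_RE.fullmatch(line)
        if m is None:
            raise ValueError(f"unrecognised IoC line: {line!r}")
        writer, target = int(m[1]), int(m[2])
        if target not in tree or tree[target][0] != writer:
            hits.append((writer, target, m[3]))
    return hits


def fingerprint_queries_outside_browser(ioc_lines, tree, browser_dir=EDGE):
    """BIOS registry reads by a process that is not a browser binary: Edge reads
    these keys for its own hardware info, but elsewhere they are a classic VM check."""
    names = {img.rsplit("\\", 1)[-1].lower() for _, img, _ in tree.values() if under(img, browser_dir)}
    hits = []
    for line in ioc_lines:
        m = REG_RE.fullmatch(line)
        if m is None:
            raise ValueError(f"unrecognised IoC line: {line!r}")
        if m[2].lower() not in names:
            hits.append((m[2], m[1]))
    return hits


def triage(rows, write_iocs, registry_iocs):
    tree = build_tree(rows)
    return {"unexpected_children": unexpected_children(tree),
            "cross_tree_writes": cross_tree_writes(write_iocs, tree),
            "fingerprint_queries": fingerprint_queries_outside_browser(registry_iocs, tree)}
```

Run `triage(REPORT_TREE, WRITE_IOCS, REGISTRY_IOCS)` and all three lists come back empty, which is the honest reading of this report: Edge opened a local HTML file and did nothing that left the browser. The synthetic inputs return the PowerShell child under renderer 3284, the write from 3284 into the unrelated CompPkgSrv.exe, and the BIOS read by powershell.exe. The parent-child check deliberately uses the direct parent rather than all descendants because the browser process only ever writes into children it launches itself.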
Network
MITRE ATT&CK Enterprise v15
Downloads
- File 1 (152B)
  MD5: bafce9e4c53a0cb85310891b6b21791b
  SHA1: 5d70027cc137a7cbb38f5801b15fd97b05e89ee2
  SHA256: 71fb546b5d2210a56e90b448ee10120cd92c518c8f79fb960f01b918f89f2b00
  SHA512: c0e4d3eccc0135ac92051539a18f64b8b8628cfe74e5b019d4f8e1dcbb51a9b49c486a1523885fe6be53da7118c013852e753c26a5490538c1e721fd0188836c
- File 2 (152B)
  MD5: a499254d6b5d91f97eb7a86e5f8ca573
  SHA1: 03dbfebfec8c94a9c06f9b0cd81ebe0a2b8be3d1
  SHA256: fb87b758c2b98989df851380293ff6786cb9a5cf2b3a384cec70d9f3eb064499
  SHA512: d7adcc76d0470bcd68d7644de3c8d2b6d61df8485979a4752ceea3df4d85bd1c290f72b3d8d5c8d639d5a10afa48d80e457f76b44dd8107ac97eb80fd98c7b0c
- File 3 (6KB)
  MD5: e5814aaa710f79610357f1d4732029e4
  SHA1: fb15bea0476fc22f91b8543194c5ec0138e11ef0
  SHA256: 3cf539979de2ebd67ef8be7ba81a42f8d0145fe86991a145efc88b0b6e61835f
  SHA512: 2a6f7ea69a0b44a18f19e76cfb69eaf7a0ee29f6dc1779c7ab5d75cfaa8c49392b5823653456741a8e80e7c2a5e9e128bfd3639d8daf348d7b65913aca1a4955
- File 4 (6KB)
  MD5: 9b5bc866a2d80899350cae58afa148ed
  SHA1: 5884582cb5492f1976a3ec374c3aa825fc6d452d
  SHA256: a3940a8a1eb81a4360b8cf12b7b43157c9f8c88873e86fdcdcf02428233f846b
  SHA512: 089a46dc6f98dbe837c72cefd950c26c943eac8d1fed81176dc64e588e08c280294b06febf64825416303e013b64d9c384c1d8a2ff80ec9c52740a8ad7b195fb
- File 5 (16B)
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- File 6 (11KB)
  MD5: ac2ba16b99e6e1fa7777e07c02956a7b
  SHA1: 9f28a1e707273e38ccbd953f9d8706b20f303f6f
  SHA256: 1767298ca5b78dac74968a5c3b4cadf48a4fe7d00425bc9b70900acfd6f9c5df
  SHA512: 9e3652f4e32a0adcc6ebe0495109c627bebcb3b38c8ec096a84ad30ce01d8ed9cb3b2f9e8c452d6203d43be58066523171bd4f6adbc22ae579bad08f6416d5e9