Analysis
- max time kernel: 145s
- max time network: 125s
- platform: windows10-2004_x64
- resource: win10v2004-20240704-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 11/07/2024, 01:12
Static task: static1
Behavioral task: behavioral1
- Sample: 3726254a3de16acbd4eed6c1968c4155_JaffaCakes118.html
- Resource: win7-20240708-en
Behavioral task: behavioral2
- Sample: 3726254a3de16acbd4eed6c1968c4155_JaffaCakes118.html
- Resource: win10v2004-20240704-en
General
- Target: 3726254a3de16acbd4eed6c1968c4155_JaffaCakes118.html
- Size: 86B
- MD5: 3726254a3de16acbd4eed6c1968c4155
- SHA1: 6791ef8a66984f60574cc40fe1657a6a255cc0c7
- SHA256: 58a7d9ac5e2b0f97d893a3dd94e09f7bc402af78cb827ffef2ec8d04f023e293
- SHA512: 32d1f20f68c668d981f9b4b73da0dbc4fba771b810477993aad6934e1d402c828f697b73740d497f42770a08fc22a0a9131ad2252b810ff8dac4e0916e409e17
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid / Process:
  4844 msedge.exe
  4844 msedge.exe
  2412 msedge.exe
  2412 msedge.exe
  1220 identity_helper.exe
  1220 identity_helper.exe
  1548 msedge.exe
  1548 msedge.exe
  1548 msedge.exe
  1548 msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (11 IoCs, all from pid 2412 msedge.exe)
- Suspicious use of FindShellTrayWindow (25 IoCs, all from pid 2412 msedge.exe)
- Suspicious use of SendNotifyMessage (24 IoCs, all from pid 2412 msedge.exe)
- Suspicious use of WriteProcessMemory (64 IoCs; pid 2412 msedge.exe wrote to the memory of its child processes)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2412)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3726254a3de16acbd4eed6c1968c4155_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 912)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb51b546f8,0x7ffb51b54708,0x7ffb51b54718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3496)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,10113535410627759883,14676678347266913445,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4844)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,10113535410627759883,14676678347266913445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2056)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,10113535410627759883,14676678347266913445,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3672)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10113535410627759883,14676678347266913445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3864)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10113535410627759883,14676678347266913445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3032)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10113535410627759883,14676678347266913445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 520)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,10113535410627759883,14676678347266913445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5988 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1220)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,10113535410627759883,14676678347266913445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5988 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4340)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10113535410627759883,14676678347266913445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2788)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10113535410627759883,14676678347266913445,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1344)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10113535410627759883,14676678347266913445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3976)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10113535410627759883,14676678347266913445,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3828)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10113535410627759883,14676678347266913445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4004)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10113535410627759883,14676678347266913445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 212)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10113535410627759883,14676678347266913445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3124)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10113535410627759883,14676678347266913445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1548)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,10113535410627759883,14676678347266913445,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4876 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 228)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 5032)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads