Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 145s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240709-en locale:en-us os:windows10-2004-x64 system
submitted: 16/07/2024, 02:42
Static task: static1
Behavioral task: behavioral1, sample 4c799b947f081235d368c4912644629e_JaffaCakes118.html, resource win7-20240705-en
Behavioral task: behavioral2, sample 4c799b947f081235d368c4912644629e_JaffaCakes118.html, resource win10v2004-20240709-en
The analysis, signature and process details on this page come from the windows10-2004_x64 run (behavioral2); the Windows 7 task (behavioral1) is listed but its results are not shown here.
General
Target: 4c799b947f081235d368c4912644629e_JaffaCakes118.html
Size: 10KB
MD5: 4c799b947f081235d368c4912644629e
SHA1: 52fbf6d111ca2f2e18728e1ceb76325c9eae53ca
SHA256: 90af5c108387b58a299fb57469dc77c186094a950a2c2184a682de332f168588
SHA512: 8ee799c6c7d77f1b1d67a5ec39eb334f112adc2e6ecdd0df0bbfd8b242713aa1fb3feaee7147a5826e80057242b4d91ae1ff8b29f9fad2083278309643a2ec3a
SSDEEP: 96:uzVs+ux7KpLLY1k9o84d12ef7CSTUpzfym/Hl5mX1mtTBR8BqYEBV1BBBoB1aZBl:csz7KpAYS/LgaFlYqDlWN9okYBb76f
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
SystemManufacturer and SystemProductName are the BIOS values that VM-detection code commonly reads, so this signature deserves a look. Here the only process reading them is msedge.exe, the browser launched to render the sample; the report attributes no registry access to any other process.

Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid | Process
1216 | msedge.exe (2 entries)
2784 | msedge.exe (2 entries)
4356 | identity_helper.exe (2 entries)
1164 | msedge.exe (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid | Process
2784 | msedge.exe (6 entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
pid | Process
2784 | msedge.exe (25 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
2784 | msedge.exe (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 2784 wrote to memory of 1076 | 2784 | msedge.exe | 83 (2 entries)
PID 2784 wrote to memory of 384 | 2784 | msedge.exe | 84
PID 2784 wrote to memory of 1216 | 2784 | msedge.exe | 85 (2 entries)
PID 2784 wrote to memory of 1204 | 2784 | msedge.exe | 86
The remaining 60 entries are repeats of the 384 and 1204 rows. All four targets are children that PID 2784 started with a --type= switch (crashpad handler 1076, GPU process 384, network service 1216, storage service 1204; see the process tree), which is how the Chromium browser process sets up its sandboxed children. The NtCreateUserProcessBlockNonMicrosoftBinary hits are the same parent creating those children with the "block non-Microsoft binaries" process mitigation that Chromium applies to them. None of these signatures points at a process outside the Edge process tree.
Processes
- msedge.exe (PID 2784)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4c799b947f081235d368c4912644629e_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - msedge.exe (PID 1076, crashpad handler)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff0b3d46f8,0x7fff0b3d4708,0x7fff0b3d4718
  - msedge.exe (PID 384, GPU process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,12154885492164226517,12677628691676043168,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  - msedge.exe (PID 1216, network service)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,12154885492164226517,12677628691676043168,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 1204, storage service)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,12154885492164226517,12677628691676043168,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
  - msedge.exe (PID 4264, renderer)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12154885492164226517,12677628691676043168,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  - msedge.exe (PID 224, renderer)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12154885492164226517,12677628691676043168,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  - identity_helper.exe (PID 1892)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,12154885492164226517,12677628691676043168,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
  - identity_helper.exe (PID 4356)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,12154885492164226517,12677628691676043168,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 2148, renderer)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12154885492164226517,12677628691676043168,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  - msedge.exe (PID 3944, renderer)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12154885492164226517,12677628691676043168,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  - msedge.exe (PID 2768, renderer)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12154885492164226517,12677628691676043168,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  - msedge.exe (PID 3300, renderer)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12154885492164226517,12677628691676043168,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  - msedge.exe (PID 1164, second GPU process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,12154885492164226517,12677628691676043168,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2260 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- CompPkgSrv.exe (PID 4660)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- CompPkgSrv.exe (PID 1148)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Every process in the tree is either the Edge browser and its --type= children (all under C:\Program Files (x86)\Microsoft\Edge\Application) or CompPkgSrv.exe started by COM (-Embedding); the HTML sample does not appear as the parent of any other executable. Note that the second GPU process (PID 1164) is started with --disable-gpu-sandbox and --use-gl=disabled, which is visible in its command line.
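The check a reviewer applies to the signature tables above, written out as an added example (this is not tria.ge code): parse the flattened WriteProcessMemory rows and the process tree, and accept a memory-write target only when it is a direct child of the writer, runs the same image, and carries the --type= switch Chromium gives every child it launches. Parent PIDs are inferred from the tree depth on this page, the command lines are cut down to the switches the check needs, and the rows for targets 9999 and 4242 (and the 4242 process entry) are constructed negative cases that do not appear in the report.

```python
"""Attribute "suspicious" sandbox IoCs to Chromium's multi-process model.

Added example, not tria.ge code. Input is the text an analyst copies from a
report: the WriteProcessMemory rows and the process tree (parent PIDs taken
from the tree depth). A memory-write target is "explained" only if it is a
direct child of the writer, runs the same image, and carries a --type=
switch, which is how the Chromium browser process launches its sandboxed
children. Everything else is returned for manual review.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

WPM_RE = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) (?P<pid>\d+) "
    r"(?P<image>\S+) (?P<procid_target>\d+)"
)


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: Optional[int]  # None for a root of the tree
    cmdline: str


EDGE = r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"'

# Copied from the report's process tree (only the switches needed here are kept).
# PID 4242 is a constructed negative case: a child of the browser that is not Chromium.
PROCESSES = [
    Proc(2784, None, EDGE + r" --single-argument C:\Users\Admin\AppData\Local\Temp\4c799b947f081235d368c4912644629e_JaffaCakes118.html"),
    Proc(1076, 2784, EDGE + " --type=crashpad-handler"),
    Proc(384, 2784, EDGE + " --type=gpu-process"),
    Proc(1216, 2784, EDGE + " --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none"),
    Proc(1204, 2784, EDGE + " --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility"),
    Proc(4660, None, r"C:\Windows\System32\CompPkgSrv.exe -Embedding"),
    Proc(4242, 2784, r"C:\Users\Admin\AppData\Local\Temp\not-in-report.exe"),  # constructed
]

# One row per distinct target from the report's table, plus two constructed rows
# (targets 9999 and 4242) that exercise the "unexplained" paths.
WPM_ROWS = """\
PID 2784 wrote to memory of 1076 2784 msedge.exe 83
PID 2784 wrote to memory of 384 2784 msedge.exe 84
PID 2784 wrote to memory of 1216 2784 msedge.exe 85
PID 2784 wrote to memory of 1204 2784 msedge.exe 86
PID 2784 wrote to memory of 9999 2784 msedge.exe 90
PID 2784 wrote to memory of 4242 2784 msedge.exe 91
"""


def parse_wpm(text):
    """Turn the flattened IoC rows into dicts; lines that do not match are skipped."""
    rows = []
    for line in text.splitlines():
        m = WPM_RE.search(line)
        if m:
            rows.append({k: (v if k == "image" else int(v)) for k, v in m.groupdict().items()})
    return rows


def image_path(cmdline):
    """First token of a command line, unquoted and lower-cased."""
    m = re.match(r'"([^"]+)"|(\S+)', cmdline)
    return (m.group(1) or m.group(2)).lower()


def chromium_type(cmdline):
    """Value of the --type= switch Chromium gives every child process, or None."""
    m = re.search(r"--type=(\S+)", cmdline)
    return m.group(1) if m else None


def attribute(rows, procs):
    """Map each write target PID to a verdict string."""
    by_pid = {p.pid: p for p in procs}
    verdicts = {}
    for r in rows:
        src, dst = by_pid.get(r["src"]), by_pid.get(r["dst"])
        if dst is None:
            verdicts[r["dst"]] = "unexplained: target not in process tree"
        elif dst.ppid != r["src"]:
            verdicts[r["dst"]] = "unexplained: target is not a child of the writer"
        elif src is None or image_path(src.cmdline) != image_path(dst.cmdline):
            verdicts[r["dst"]] = "unexplained: child runs a different image"
        elif chromium_type(dst.cmdline) is None:
            verdicts[r["dst"]] = "unexplained: child has no --type= switch"
        else:
            verdicts[r["dst"]] = f"chromium child (--type={chromium_type(dst.cmdline)})"
    return verdicts


def unexplained(verdicts):
    """PIDs that still need a human look, in ascending order."""
    return sorted(pid for pid, v in verdicts.items() if v.startswith("unexplained"))


def writes_per_target(rows):
    """How many rows hit each target; the report's 64 rows collapse to four targets."""
    return Counter(r["dst"] for r in rows)


if __name__ == "__main__":
    for pid, verdict in attribute(parse_wpm(WPM_ROWS), PROCESSES).items():
        print(pid, verdict)
```

Run against the full 64-row table from the report, writes_per_target gives the per-child breakdown that the flattened table hides, and attribute leaves nothing unexplained; the two constructed rows show what the output looks like when a browser process writes into something that is not one of its own --type= children, which is the case worth escalating.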
Network
MITRE ATT&CK Enterprise v15
Downloads
The report lists dropped files by size and hash only; no file names are given on this page.
- Filesize: 152B
  MD5: c00b0d6e0f836dfa596c6df9d3b2f8f2
  SHA1: 69ad27d9b4502630728f98917f67307e9dd12a30
  SHA256: 578481cd359c669455e24983b13723c25584f58925b47283cb580019ef3142b1
  SHA512: 0e098ab5f5772fec17880e228a0dccbbaa06dc1af14e0fd827f361599c61899fe07d612a7f7b049ff6661d27fdc495566dd20fc28ceed022b87c212bf00be5da
- Filesize: 152B
  MD5: 54f1b76300ce15e44e5cc1a3947f5ca9
  SHA1: c978bfaa6ec6dae05464c6426eaa6cb3c3e2f3b7
  SHA256: 43dec5d87b7ee892a3d99cb61f772ba403882ac0772423f36034e84244c1ca24
  SHA512: ac26e5676c675be329eb62b5d5a36a0e6014ab8a6366684b0fc2a59ae5f061f596f462b82eb4e9f135d2235a0cbd4af96680d234eecc873a8397fd81507d277a
- Filesize: 6KB
  MD5: b74bfecf044623426676551af04eb51d
  SHA1: efee7bc128250f7342bb841e4b61c4678045d075
  SHA256: 7e9197e969fecf6205a11ef07d7dad6ab7b2bc3138995d59cbbb1eb6f034ad8d
  SHA512: 532b136c13754766a5bad51c8a8a8fa80754e57f6c7994a5e9d59ac4b2a9611a7c96305860e0007ed7de00133d0eb254ab04ffeec9a765aa05e9a9ce2d9545c0
- Filesize: 6KB
  MD5: 71268ecafa7d2c5544fb8fea45002836
  SHA1: 2972e54a198b1f21fbb340bf59d76b049c45d5fb
  SHA256: fc1dc57cf31e8fcc1ffc53e7cb778f75c9e7acfe4aff20234d25ee8babd079be
  SHA512: 5aedd84305b49adeb3d380ad4d524dbcf2685575c3d5133d7a71b70a79c8d5d0de007a667d9b4af9d980f40e47bd26dcc4b10406eb4be1e4243e9017159dd58e
- Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
- Filesize: 16B
  MD5: 206702161f94c5cd39fadd03f4014d98
  SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
- Filesize: 11KB
  MD5: f3bd2471a5b8c7a14af668e77d5c6778
  SHA1: 2b8702b98c7498a6e456687d10c2607a9153c984
  SHA256: 8c1b02de1143c0f7391b1f1856401bb96d162347262aab636520a62462c83072
  SHA512: 2750b7538de6bbfb96ebeb13542f39a650b612eeefc4783882abd89d9423a99c5a38f23c5a62c301273e42323fc1c9b7eab8c189e3c92790e8da6b4adaa41bdb