Analysis
-
max time kernel
145s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system -
submitted
19/07/2024, 07:17
Static task
static1
Behavioral task
behavioral1
Sample
5af397399d81d1f6c33a501eaa7de21d_JaffaCakes118.html
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
5af397399d81d1f6c33a501eaa7de21d_JaffaCakes118.html
Resource
win10v2004-20240709-en
General
-
Target
5af397399d81d1f6c33a501eaa7de21d_JaffaCakes118.html
-
Size
9KB
-
MD5
5af397399d81d1f6c33a501eaa7de21d
-
SHA1
7bb8a6eb525f56cb7f86156495019c3323c6af8b
-
SHA256
1463af0556914efd0dcd08534eab5f7c8c650024cb790d580a71e2e847f94837
-
SHA512
77f6768de07c1703267dbaa163d7b161e53aa29daa8a14dbee9ed91a335c560fa59da1319fa2812bfe73e605909d5ee18e08d8ae31f8d1b221941f369f3dbae3
-
SSDEEP
96:uzVs+ux7+rSfLLY1k9o84d12ef7CSTU3GT/kkZzps2k9ZslVHcEZ7ru7f:csz7WSfAYS/GknAWPHb76f
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid | Process
3968 | msedge.exe (2 entries)
380 | msedge.exe (2 entries)
4332 | identity_helper.exe (2 entries)
3328 | msedge.exe (4 entries)
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
pid | Process
380 | msedge.exe (6 entries)
-
Suspicious use of FindShellTrayWindow 25 IoCs
pid | Process
380 | msedge.exe (25 entries)
-
Suspicious use of SendNotifyMessage 24 IoCs
pid | Process
380 | msedge.exe (24 entries)
-
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 380 wrote to memory of 3368 | 380 | msedge.exe | 84
PID 380 wrote to memory of 2324 | 380 | msedge.exe | 85
PID 380 wrote to memory of 3968 | 380 | msedge.exe | 86
PID 380 wrote to memory of 2036 | 380 | msedge.exe | 87
(64 entries in total; identical repeated rows collapsed, the 2324 and 2036 targets accounting for most of them)
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\5af397399d81d1f6c33a501eaa7de21d_JaffaCakes118.html
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:380 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdcb2746f8,0x7ffdcb274708,0x7ffdcb274718
PID:3368
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,14619408184067287413,475932120003304879,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
PID:2324
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,14619408184067287413,475932120003304879,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
- Suspicious behavior: EnumeratesProcesses
PID:3968
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,14619408184067287413,475932120003304879,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
PID:2036
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14619408184067287413,475932120003304879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
PID:3256
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14619408184067287413,475932120003304879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
PID:3108
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,14619408184067287413,475932120003304879,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8
PID:4536
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,14619408184067287413,475932120003304879,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8
- Suspicious behavior: EnumeratesProcesses
PID:4332
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14619408184067287413,475932120003304879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
PID:4144
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14619408184067287413,475932120003304879,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
PID:3228
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14619408184067287413,475932120003304879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
PID:856
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14619408184067287413,475932120003304879,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
PID:1580
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,14619408184067287413,475932120003304879,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2308 /prefetch:2
- Suspicious behavior: EnumeratesProcesses
PID:3328
-
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:3264
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:628
Network
MITRE ATT&CK Enterprise v15
Downloads