Analysis
- max time kernel: 145s
- max time network: 143s
- platform: windows10-2004_x64
- resource: win10v2004-20240709-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 21/07/2024, 22:44
- Static task: static1
- Behavioral task behavioral1: sample 61b68da5b476edc11886ae0a0e72833a_JaffaCakes118.html, resource win7-20240704-en
- Behavioral task behavioral2: sample 61b68da5b476edc11886ae0a0e72833a_JaffaCakes118.html, resource win10v2004-20240709-en
General
- Target: 61b68da5b476edc11886ae0a0e72833a_JaffaCakes118.html
- Size: 14KB
- MD5: 61b68da5b476edc11886ae0a0e72833a
- SHA1: dfd9f50534fe361967c7570376a2d35d038d56a7
- SHA256: f27704a1153d2f9fb11e2024e3778c1c863620379035513d67f84bbd4bb5dcd3
- SHA512: 87f4c9dea8a36c6949a21e0f07c919eed55378f9ecdcb01b18a97a82443f29b5d7304e01dfb5d41e2ad0f453d311979a48bfe8b56fe8f88af14e41b5ebf12fa6
- SSDEEP: 192:EI1f83pIwjZBRfDYX97qRHma0n79/MGd9gmGRw5XnSQsW:EIf83pIGZBRfEN7GE9/MGjgmGCxSe
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        | ioc                                                                      | Process
  Key opened         | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                       | msedge.exe
  Key value queried  | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer    | msedge.exe
  Key value queried  | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName     | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid  | Process
  4428 | msedge.exe (2 entries)
  2912 | msedge.exe (2 entries)
  4852 | identity_helper.exe (2 entries)
  3148 | msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid  | Process
  2912 | msedge.exe (6 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid  | Process
  2912 | msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid  | Process
  2912 | msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description                      | pid  | Process    | procid_target
  PID 2912 wrote to memory of 4212 | 2912 | msedge.exe | 85 (2 entries)
  PID 2912 wrote to memory of 2072 | 2912 | msedge.exe | 86 (40 entries)
  PID 2912 wrote to memory of 4428 | 2912 | msedge.exe | 87 (2 entries)
  PID 2912 wrote to memory of 3940 | 2912 | msedge.exe | 88 (20 entries)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2912)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\61b68da5b476edc11886ae0a0e72833a_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - msedge.exe (PID 4212)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9f3a846f8,0x7ff9f3a84708,0x7ff9f3a84718
  - msedge.exe (PID 2072)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,3303333237066548988,13711599254936624496,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  - msedge.exe (PID 4428)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,3303333237066548988,13711599254936624496,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 3940)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,3303333237066548988,13711599254936624496,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  - msedge.exe (PID 4400)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3303333237066548988,13711599254936624496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  - msedge.exe (PID 3788)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3303333237066548988,13711599254936624496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  - msedge.exe (PID 4612)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3303333237066548988,13711599254936624496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  - msedge.exe (PID 1064)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3303333237066548988,13711599254936624496,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  - identity_helper.exe (PID 1776)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,3303333237066548988,13711599254936624496,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
  - identity_helper.exe (PID 4852)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,3303333237066548988,13711599254936624496,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 3924)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3303333237066548988,13711599254936624496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
  - msedge.exe (PID 2032)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3303333237066548988,13711599254936624496,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
  - msedge.exe (PID 3148)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,3303333237066548988,13711599254936624496,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4012 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 4904)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 2932)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads