Analysis
- max time kernel: 148s
- max time network: 152s
- platform: windows10-2004_x64
- resource: win10v2004-20240709-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 21/07/2024, 19:59
Static task: static1
Behavioral task: behavioral1
- Sample: 61317341f70600726bc19b0ceef08a68_JaffaCakes118.html
- Resource: win7-20240708-en
Behavioral task: behavioral2
- Sample: 61317341f70600726bc19b0ceef08a68_JaffaCakes118.html
- Resource: win10v2004-20240709-en
General
- Target: 61317341f70600726bc19b0ceef08a68_JaffaCakes118.html
- Size: 53KB
- MD5: 61317341f70600726bc19b0ceef08a68
- SHA1: 4a133a46e6598e4393a4ad6aa1b2c1ffdb16bbab
- SHA256: 2d7bf3a0a461afc0bb3359ed28caff9542296940d04714eb71776a5e24d05d13
- SHA512: ee668d4b6a0fd75050c5608eaa9d0d601e382eeeed8cb99302e061791e33175ba6360a3149b439a4a515053b7606f366e0d9861cc8f535942f5af4031c8a160e
- SSDEEP: 1536:CkgUiIakTqGivi+PyUTrunlYt63Nj+q5VyvR0w2AzTICbbGo+/t9M/dNwIUEDmDk:CkgUiIakTqGivi+PyUTrunlYt63Nj+qe
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process              entries
  2240  msedge.exe           2
  1448  msedge.exe           2
  928   identity_helper.exe  2
  1200  msedge.exe           4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid   Process     entries
  1448  msedge.exe  7
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process     entries
  1448  msedge.exe  25
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process     entries
  1448  msedge.exe  24
- Suspicious use of WriteProcessMemory (64 IoCs; the report lists one entry per write, so each row below appears many times)
  description                          pid   Process     procid_target
  PID 1448 wrote to memory of 4640     1448  msedge.exe  84
  PID 1448 wrote to memory of 744      1448  msedge.exe  85
  PID 1448 wrote to memory of 2240     1448  msedge.exe  86
  PID 1448 wrote to memory of 4220     1448  msedge.exe  87
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1448)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\61317341f70600726bc19b0ceef08a68_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4640)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe498846f8,0x7ffe49884708,0x7ffe49884718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 744)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,12789873230751448289,80657062461026146,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2240)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,12789873230751448289,80657062461026146,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4220)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,12789873230751448289,80657062461026146,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2140 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1988)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12789873230751448289,80657062461026146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4448)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12789873230751448289,80657062461026146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3356)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12789873230751448289,80657062461026146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2380)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,12789873230751448289,80657062461026146,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 928)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,12789873230751448289,80657062461026146,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 824)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12789873230751448289,80657062461026146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1972)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12789873230751448289,80657062461026146,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4160)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12789873230751448289,80657062461026146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 464)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12789873230751448289,80657062461026146,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1200)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,12789873230751448289,80657062461026146,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 3776)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 1580)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads