Analysis
- max time kernel: 149s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20240709-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 22/07/2024, 12:04
Static task
- static1

Behavioral task
- behavioral1
  Sample: 63294992fb88c4a2ee41e815ca24421e_JaffaCakes118.html
  Resource: win7-20240708-en

Behavioral task
- behavioral2
  Sample: 63294992fb88c4a2ee41e815ca24421e_JaffaCakes118.html
  Resource: win10v2004-20240709-en
General
- Target: 63294992fb88c4a2ee41e815ca24421e_JaffaCakes118.html
- Size: 133KB
- MD5: 63294992fb88c4a2ee41e815ca24421e
- SHA1: 909ea80e823c0ef081056c5c454717487e3550b1
- SHA256: 4af97ce5e52bf74822d1e3f3724c38bc44b237cf6eb0dd4f4b469b1afd9d88d2
- SHA512: c50836500acf97fe40a772e00c08cee2425ed1491e21fb00900455659fa625a23b6fa7a90c8cc6ae6e3a387a298761ad3a8b53b763b20a55c309d4589daee5e3
- SSDEEP: 1536:S2Mr1IfQZU8joAyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrk:SBr1uQZ1yfkMY+BES09JXAnyrZalI+YQ
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  944   msedge.exe           (2 entries)
  792   msedge.exe           (2 entries)
  2460  identity_helper.exe  (2 entries)
  3520  msedge.exe           (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process
  792   msedge.exe           (6 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  792   msedge.exe           (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  792   msedge.exe           (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description                      pid  Process     procid_target
  PID 792 wrote to memory of 1888  792  msedge.exe  84
  PID 792 wrote to memory of 936   792  msedge.exe  85
  PID 792 wrote to memory of 944   792  msedge.exe  86
  PID 792 wrote to memory of 1184  792  msedge.exe  87
  (each row is repeated in the report; 64 entries in total)
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\63294992fb88c4a2ee41e815ca24421e_JaffaCakes118.html
  PID: 792
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb038646f8,0x7ffb03864708,0x7ffb03864718
    PID: 1888
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,3635898476280266503,16410996181998478035,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 /prefetch:2
    PID: 936
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,3635898476280266503,16410996181998478035,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
    PID: 944
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,3635898476280266503,16410996181998478035,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
    PID: 1184
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3635898476280266503,16410996181998478035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
    PID: 5064
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3635898476280266503,16410996181998478035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
    PID: 2304
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,3635898476280266503,16410996181998478035,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
    PID: 1088
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,3635898476280266503,16410996181998478035,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
    PID: 2460
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3635898476280266503,16410996181998478035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
    PID: 3752
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3635898476280266503,16410996181998478035,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
    PID: 4220
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3635898476280266503,16410996181998478035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
    PID: 4520
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3635898476280266503,16410996181998478035,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
    PID: 2176
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,3635898476280266503,16410996181998478035,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4900 /prefetch:2
    PID: 3520
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2560
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4748
Downloads