Analysis
- max time kernel: 145s
- max time network: 144s
- platform: windows10-2004_x64
- resource: win10v2004-20240709-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 23/07/2024, 05:02
Static task: static1
Behavioral task: behavioral1
- Sample: 663de5c53e22543ce7198c062587b0b4_JaffaCakes118.html
- Resource: win7-20240704-en
Behavioral task: behavioral2
- Sample: 663de5c53e22543ce7198c062587b0b4_JaffaCakes118.html
- Resource: win10v2004-20240709-en
General
- Target: 663de5c53e22543ce7198c062587b0b4_JaffaCakes118.html
- Size: 19KB
- MD5: 663de5c53e22543ce7198c062587b0b4
- SHA1: 5ad888bc4a38906b35a42d660991044d2e2cbc85
- SHA256: 4a4fa56d33c2843db19d96c0f5da05d7dee3da1e2c42d6ef44655f9f54ddda0b
- SHA512: 248ac4409d59ed4c030ff3af09f3eab5340e112fb0dc08362d9aed815cb8ba7233016ec9affc1c3b3917607bcb6ba322e15664c25e3de88ec7dac5b55be0bb3d
- SSDEEP: 192:KYak/aQHyHqB/6hqH/2Dgq9RZX084oTxjR428cH02yI8zm4jHgfnWuocdZt3CBLU:KGrFu6Agq9vnTxsa87Li1dZt3gHYUEX
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description / ioc / Process:
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid / Process: 3808 msedge.exe (×2), 1180 msedge.exe (×2), 2876 identity_helper.exe (×2), 1500 msedge.exe (×4)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
  pid / Process: 1180 msedge.exe (×8)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid / Process: 1180 msedge.exe (×25)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid / Process: 1180 msedge.exe (×24)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description / pid / Process / procid_target:
  - PID 1180 (msedge.exe) wrote to memory of 3568, procid_target 84 (×2)
  - PID 1180 (msedge.exe) wrote to memory of 1960, procid_target 85 (×40)
  - PID 1180 (msedge.exe) wrote to memory of 3808, procid_target 86 (×2)
  - PID 1180 (msedge.exe) wrote to memory of 3616, procid_target 87 (×20)
Processes
- PID 1180: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\663de5c53e22543ce7198c062587b0b4_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - PID 3568 (child of 1180): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba7e146f8,0x7ffba7e14708,0x7ffba7e14718
  - PID 1960 (child of 1180): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,16456407389781854108,2011699357494271180,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  - PID 3808 (child of 1180): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,16456407389781854108,2011699357494271180,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 3616 (child of 1180): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,16456407389781854108,2011699357494271180,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  - PID 836 (child of 1180): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16456407389781854108,2011699357494271180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  - PID 4632 (child of 1180): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16456407389781854108,2011699357494271180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  - PID 2368 (child of 1180): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16456407389781854108,2011699357494271180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  - PID 3288 (child of 1180): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16456407389781854108,2011699357494271180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  - PID 4496 (child of 1180): "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,16456407389781854108,2011699357494271180,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8
  - PID 2876 (child of 1180): "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,16456407389781854108,2011699357494271180,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 2452 (child of 1180): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16456407389781854108,2011699357494271180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  - PID 1840 (child of 1180): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16456407389781854108,2011699357494271180,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  - PID 4364 (child of 1180): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16456407389781854108,2011699357494271180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  - PID 2224 (child of 1180): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16456407389781854108,2011699357494271180,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  - PID 1500 (child of 1180): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,16456407389781854108,2011699357494271180,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4988 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- PID 1664: C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID 4680: C:\Windows\System32\CompPkgSrv.exe -Embedding
Downloads