Analysis
- max time kernel: 146s
- max time network: 143s
- platform: windows10-2004_x64
- resource: win10v2004-20240709-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 24/07/2024, 03:56
Static task: static1
Behavioral task: behavioral1
- Sample: 6a28c4256662b0618498e8661bc5306d_JaffaCakes118.html
- Resource: win7-20240708-en
Behavioral task: behavioral2
- Sample: 6a28c4256662b0618498e8661bc5306d_JaffaCakes118.html
- Resource: win10v2004-20240709-en
General
- Target: 6a28c4256662b0618498e8661bc5306d_JaffaCakes118.html
- Size: 208KB
- MD5: 6a28c4256662b0618498e8661bc5306d
- SHA1: 1e76910fe9f3f075fcf05048f72e66abfc04132b
- SHA256: c560396e6ee01c7fed32555863f1fca95b5366fcd88ede51c0845212a5218fee
- SHA512: 4184c6f7cb227d340dc527b944e25cf5584763d781c9c4d90cac8b600401f2533ba7246c8cfb8c67887e4515080f3095fba65e36d887dbc688ee184d6e398b5f
- SSDEEP: 3072:yjxy3IQzDTuQ7AJQfxF3HneDzpoRglc2kOVq/BVqo67hj1h10BKanfwMu3gSQ3IA:yjgfxQZoRh2kOVq/BVqP1Igi5
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  - PID 408 msedge.exe (2 entries)
  - PID 4908 msedge.exe (2 entries)
  - PID 1616 identity_helper.exe (2 entries)
  - PID 3216 msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (11 IoCs)
  - PID 4908 msedge.exe (11 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  - PID 4908 msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  - PID 4908 msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  All 64 entries are PID 4908 (msedge.exe) writing to the memory of a child process; the targets are:
  - PID 1736 (procid_target 84)
  - PID 2872 (procid_target 85)
  - PID 408 (procid_target 86)
  - PID 4660 (procid_target 87)
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6a28c4256662b0618498e8661bc5306d_JaffaCakes118.html
  PID: 4908
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1d1946f8,0x7ffa1d194708,0x7ffa1d194718
    PID: 1736
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,16373517217435653778,1988203996223581961,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
    PID: 2872
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,16373517217435653778,1988203996223581961,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
    PID: 408
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,16373517217435653778,1988203996223581961,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
    PID: 4660
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16373517217435653778,1988203996223581961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
    PID: 3496
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16373517217435653778,1988203996223581961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
    PID: 116
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16373517217435653778,1988203996223581961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
    PID: 2676
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16373517217435653778,1988203996223581961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
    PID: 1904
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16373517217435653778,1988203996223581961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
    PID: 4080
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,16373517217435653778,1988203996223581961,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 /prefetch:8
    PID: 4200
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,16373517217435653778,1988203996223581961,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 /prefetch:8
    PID: 1616
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16373517217435653778,1988203996223581961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
    PID: 2612
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16373517217435653778,1988203996223581961,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
    PID: 2504
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16373517217435653778,1988203996223581961,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
    PID: 3172
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16373517217435653778,1988203996223581961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
    PID: 1784
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16373517217435653778,1988203996223581961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2224 /prefetch:1
    PID: 2860
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16373517217435653778,1988203996223581961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
    PID: 2388
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,16373517217435653778,1988203996223581961,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4108 /prefetch:2
    PID: 3216
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3020
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 632
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 1f9d180c0bcf71b48e7bc8302f85c28f
  SHA1: ade94a8e51c446383dc0a45edf5aad5fa20edf3c
  SHA256: a17d56c41d524453a78e3f06e0d0b0081e79d090a4b75d0b693ddbc39f6f7fdc
  SHA512: 282863df0e51288049587886ed37ad1cf5b6bfeed86454ea3b9f2bb7f0a1c591f3540c62712ebfcd6f1095e1977446dd5b13b904bb52b6d5c910a1efc208c785
- Filesize: 152B
  MD5: 60ead4145eb78b972baf6c6270ae6d72
  SHA1: e71f4507bea5b518d9ee9fb2d523c5a11adea842
  SHA256: b9e99e7387a915275e8fe4ac0b0c0cd330b4632814d5c9c446beb2755f1309a7
  SHA512: 8cdbafd2783048f5f54f22e13f6ef890936d5b986b0bb3fa86d2420a5bfecf7bedc56f46e6d5f126eae79f492315843c134c441084b912296e269f384a73ccde
- Filesize: 478B
  MD5: 8713b246fc04b4e3e5b887fcd9eaea1c
  SHA1: e4659bc7eb85bfa2ee43323c22990f07aca23e8e
  SHA256: 851e6fbe5d0ef98cf7580fd4a44550e09a11afeb7e16e390b560aed8f10db865
  SHA512: b8d923d20634d396dd72cab0084a06e0b6f8e1fa5fe695fc00c1493cab0964dd6133b11d1fa14c3ee4f46620ed25530ebf8d4a3b7fc2cd530c0928ce9a0d3f07
- Filesize: 5KB
  MD5: 26e25b6d977cebbe1a20053beed11f14
  SHA1: f765e8dcfa1e1f14732c48b289721f5560c283ba
  SHA256: 76ec9f247c83ecc063175d76dfd03885318b10e4786b983eab9273af26499aac
  SHA512: 5e80c9881b43cf19c47b1e679a21ffdd2469d556e78eb6793b19e9d223610f8f648e2c6b08666110938c892be62d72fcc0058e2bab94d040be89600bdafcd549
- Filesize: 6KB
  MD5: 7e5ec255f1aa5f4bbcec8036a3f510d0
  SHA1: 7ca1b96ba21eb459391db717e7b678c0858a8140
  SHA256: c9eaa1fbd61526ef4d9e09e5f4f18cb3a305dbff657caa48a4eb8eb4dc37d9eb
  SHA512: b3c749fbef53b970574d6857841801b4850b1bbde1691a68ca28fe1da7ca0d5eb9581baf4dd962c3781e383b51ef7be25d31f4f29c2a5e4871e5f82c8357dac8
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: 197d890b758c4c6d081fa8681fbe78b8
  SHA1: b572ab862efebd14ee86a751e1d64260d694d893
  SHA256: 7c331fa4c4bb12063614f7032c417453775251d99e59f605b31e633e0d6b2d29
  SHA512: 5d3de0a92cefd54bb5b2210fc037edcbcc84004d6205cd415f8d589bbcb04531a41d70ca37a00ab4a69a384e94a8af36f758995bd1ef7ff47529467f2d72f5c4