Analysis
- max time kernel: 145s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20240709-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25/07/2024, 09:17
Static task: static1
Behavioral task: behavioral1
- Sample: 6efac203b430bab2b90d95fd97d05d57_JaffaCakes118.html
- Resource: win7-20240708-en
Behavioral task: behavioral2
- Sample: 6efac203b430bab2b90d95fd97d05d57_JaffaCakes118.html
- Resource: win10v2004-20240709-en
The analysis figures above (platform windows10-2004_x64, resource win10v2004-20240709-en) and the signatures, processes and downloads below are from the behavioral2 run; the Windows 7 run is not reproduced on this page.
General
- Target: 6efac203b430bab2b90d95fd97d05d57_JaffaCakes118.html
- Size: 31KB
- MD5: 6efac203b430bab2b90d95fd97d05d57
- SHA1: bf020f8a383e2a0895330a4f05d436e0ec83ca23
- SHA256: d860e42328be358847ea260266e1db30c94e4ca69247dc751568ebe7d99e2999
- SHA512: f29ba62df18613cac4aafe94aebf60f82ec6f6ec6bb71f2f93eec2c771383b0e05f0d2643d94b37355db8f37e0a11e13832f05730a8d3b061385dd007c813a9f
- SSDEEP: 384:Jda4V/HkloMHjeznnnNvNyLfNvNyGn9RNvNy1nnrNvNyYnnDNvNysnnlNvNyAnnY:JtVKjeznOn9gnVnRnTnV9Kihr50vn
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  2092  msedge.exe (x2)
  4776  msedge.exe (x2)
  2440  identity_helper.exe (x2)
  2640  msedge.exe (x4)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process
  4776  msedge.exe (x6)

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  4776  msedge.exe (x25)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  4776  msedge.exe (x24)

Suspicious use of WriteProcessMemory (64 IoCs; identical rows collapsed, repeat count at the end)
  description                        pid   Process     procid_target
  PID 4776 wrote to memory of 668    4776  msedge.exe  84   (x2)
  PID 4776 wrote to memory of 3452   4776  msedge.exe  85   (x40)
  PID 4776 wrote to memory of 2092   4776  msedge.exe  86   (x2)
  PID 4776 wrote to memory of 3440   4776  msedge.exe  87   (x20)

Reading the signatures: every hit is on msedge.exe or identity_helper.exe, the browser the sandbox launched to open the .html sample, not on anything the page itself dropped or started. The four WriteProcessMemory targets (668, 3452, 2092, 3440) are the browser's own crashpad handler, GPU process, network service and storage service as listed in the process tree below; a Chromium-based browser's broker writing into children it has just spawned is normal start-up behaviour, not injection. The BIOS SystemManufacturer/SystemProductName reads and the block-non-Microsoft-binaries process-creation mitigation are likewise routine for Edge. Nothing in these signatures attributes behaviour to the HTML content itself.
Processes (depth 1 = started by the sandbox; depth 2 = child of PID 4776)

1  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID 4776
   "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6efac203b430bab2b90d95fd97d05d57_JaffaCakes118.html
   Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

   2  msedge.exe (crashpad-handler)  PID 668
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd4fa46f8,0x7ffcd4fa4708,0x7ffcd4fa4718

   2  msedge.exe (gpu-process)  PID 3452
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,7293941851102501548,9626897584042821973,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2

   2  msedge.exe (utility: network.mojom.NetworkService)  PID 2092
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,7293941851102501548,9626897584042821973,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
      Signatures: Suspicious behavior: EnumeratesProcesses

   2  msedge.exe (utility: storage.mojom.StorageService)  PID 3440
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2212,7293941851102501548,9626897584042821973,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8

   2  msedge.exe (renderer)  PID 2152
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,7293941851102501548,9626897584042821973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1

   2  msedge.exe (renderer)  PID 3488
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,7293941851102501548,9626897584042821973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

   2  identity_helper.exe (utility: winrt_app_id.mojom.WinrtAppIdService)  PID 3620
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,7293941851102501548,9626897584042821973,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8

   2  identity_helper.exe (utility: winrt_app_id.mojom.WinrtAppIdService)  PID 2440
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,7293941851102501548,9626897584042821973,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8
      Signatures: Suspicious behavior: EnumeratesProcesses

   2  msedge.exe (renderer)  PID 3824
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,7293941851102501548,9626897584042821973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1

   2  msedge.exe (renderer, instant-process)  PID 4128
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,7293941851102501548,9626897584042821973,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1

   2  msedge.exe (renderer)  PID 2936
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,7293941851102501548,9626897584042821973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1

   2  msedge.exe (renderer, instant-process)  PID 4796
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,7293941851102501548,9626897584042821973,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1

   2  msedge.exe (gpu-process, relaunched without the GPU sandbox)  PID 2640
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,7293941851102501548,9626897584042821973,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4936 /prefetch:2
      Signatures: Suspicious behavior: EnumeratesProcesses

1  C:\Windows\System32\CompPkgSrv.exe  PID 4744
   C:\Windows\System32\CompPkgSrv.exe -Embedding

1  C:\Windows\System32\CompPkgSrv.exe  PID 4272
   C:\Windows\System32\CompPkgSrv.exe -Embedding

Reading the tree: every depth-2 process is a standard Edge helper (crashpad handler, GPU process, network and storage utility services, renderers, and the WinRT app-id identity helper), and none of them runs anything other than the Edge binaries. The second GPU process (PID 2640) is relaunched with --disable-gpu-sandbox --use-gl=disabled after the first one (PID 3452), the usual Chromium fallback when the sandboxed GPU process cannot initialise in a VM without GPU acceleration. The two CompPkgSrv.exe instances are COM-activated Windows components (the -Embedding switch) at depth 1, not children of the browser. The crashpad annotations date the browser at Edge 92.0.902.67 on Chromium 92.0.4515.131, so a current browser may treat the same HTML differently; no further process launches, dropped executables or network entries appear on this page.
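The WriteProcessMemory signature and the process tree above are what a triager combines to decide whether a sandbox's "wrote to memory of" rows mean injection or just a browser spawning its own children. The Python below is an added helper, not part of the tria.ge report: it reads a process tree in the depth/PID form used above, parses the report's flattened "PID X wrote to memory of Y" rows, collapses repeated rows into one record per writer/target pair, and flags any target that is not a direct child of its writer. Both inputs are constructed from this page; the "hypothetical.exe" row is invented to exercise the negative path and appears nowhere in the report.

```python
import re
from collections import Counter

# Process tree constructed from this report's Processes section, one entry
# per line: "<depth> <pid> <image> <distinguishing arguments>". Depth 1 is
# started by the sandbox; depth 2 is a child of the nearest preceding
# depth-1 entry, which is how the report's depth markers nest.
REPORT_TREE = """
1 4776 msedge.exe --single-argument <sample>.html
2 668 msedge.exe --type=crashpad-handler
2 3452 msedge.exe --type=gpu-process
2 2092 msedge.exe --type=utility network.mojom.NetworkService
2 3440 msedge.exe --type=utility storage.mojom.StorageService
2 2152 msedge.exe --type=renderer
2 3488 msedge.exe --type=renderer
2 3620 identity_helper.exe --type=utility winrt_app_id.mojom.WinrtAppIdService
2 2440 identity_helper.exe --type=utility winrt_app_id.mojom.WinrtAppIdService
2 3824 msedge.exe --type=renderer
2 4128 msedge.exe --type=renderer
2 2936 msedge.exe --type=renderer
2 4796 msedge.exe --type=renderer
2 2640 msedge.exe --type=gpu-process --disable-gpu-sandbox
1 4744 CompPkgSrv.exe -Embedding
1 4272 CompPkgSrv.exe -Embedding
"""

# The report's 64 WriteProcessMemory rows in its own flattened wording
# ("PID <writer> wrote to memory of <target> <writer> <image> <index>"),
# rebuilt from the per-target repeat counts visible on the page.
REPORT_ROWS = (
    "PID 4776 wrote to memory of 668 4776 msedge.exe 84 " * 2
    + "PID 4776 wrote to memory of 3452 4776 msedge.exe 85 " * 40
    + "PID 4776 wrote to memory of 2092 4776 msedge.exe 86 " * 2
    + "PID 4776 wrote to memory of 3440 4776 msedge.exe 87 " * 20
)

# Constructed, NOT from the report: a hypothetical unrelated process writing
# into renderer 2152, to show what a genuine cross-process write looks like.
SYNTHETIC_ROWS = "PID 9999 wrote to memory of 2152 9999 hypothetical.exe 90"

ROW_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")


def build_parent_map(tree_text):
    """Map pid -> (image, parent_pid); parent_pid is None for depth-1 entries."""
    parents = {}
    stack = []  # open ancestors; stack[d-1] is the current depth-d process
    for line in tree_text.strip().splitlines():
        depth, pid, image = line.split(maxsplit=3)[:3]
        depth, pid = int(depth), int(pid)
        del stack[depth - 1:]  # close anything at this depth or deeper
        parents[pid] = (image, stack[-1] if stack else None)
        stack.append(pid)
    return parents


def summarize_writes(rows_text, parents):
    """Collapse repeated rows into one record per (writer, target) pair and
    record whether the target is a direct child of the writer."""
    counts = Counter()
    writer_image = {}
    for m in ROW_RE.finditer(rows_text):
        writer, target, _, image, _ = m.groups()
        counts[(int(writer), int(target))] += 1
        writer_image[int(writer)] = image
    summary = []
    for (writer, target), n in sorted(counts.items()):
        target_image, target_parent = parents.get(target, ("<unknown>", None))
        summary.append({
            "writer": writer, "writer_image": writer_image[writer],
            "target": target, "target_image": target_image,
            "count": n, "target_is_child": target_parent == writer,
        })
    return summary


def cross_process_writes(summary):
    """Writes into a process the writer did not spawn. A browser broker
    writing into children it has just created is expected; anything else
    deserves a closer look."""
    return [s for s in summary if not s["target_is_child"]]


if __name__ == "__main__":
    parents = build_parent_map(REPORT_TREE)
    for s in summarize_writes(REPORT_ROWS, parents):
        print(f"{s['writer_image']}({s['writer']}) -> "
              f"{s['target_image']}({s['target']}) x{s['count']} "
              f"child={s['target_is_child']}")
    print("cross-process writes in report:",
          cross_process_writes(summarize_writes(REPORT_ROWS, parents)))
    print("cross-process writes in synthetic sample:",
          cross_process_writes(summarize_writes(SYNTHETIC_ROWS, parents)))
```

On this report the 64 rows collapse to four writer/target pairs, all of them PID 4776 writing into its own children, so cross_process_writes() returns nothing; the synthetic row is the shape of result that would justify pulling the target's memory for a closer look. The parent map is built from the depth markers alone, so it is only as good as the tree the sandbox shows: a process that dies before the tree is captured still appears in the rows but not in the map, and is reported as "<unknown>".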
Network
MITRE ATT&CK Enterprise v15
Downloads (files written during the run; the page gives sizes and hashes but no paths)

- Filesize: 152B
  MD5: 2f842025e22e522658c640cfc7edc529
  SHA1: 4c2b24b02709acdd159f1b9bbeb396e52af27033
  SHA256: 1191573f2a7c12f0b9b8460e06dc36ca5386305eb8c883ebbbc8eb15f4d8e23e
  SHA512: 6e4393fd43984722229020ef662fc5981f253de31f13f30fadd6660bbc9ededcbfd163f132f6adaf42d435873322a5d0d3eea60060cf0e7f2e256262632c5d05

- Filesize: 152B
  MD5: 54aadd2d8ec66e446f1edb466b99ba8d
  SHA1: a94f02b035dc918d8d9a46e6886413f15be5bff0
  SHA256: 1971045943002ef01930add9ba1a96a92ddc10d6c581ce29e33c38c2120b130e
  SHA512: 7e077f903463da60b5587aed4f5352060df400ebda713b602b88c15cb2f91076531ea07546a9352df772656065e0bf27bd285905a60f036a5c5951076d35e994

- Filesize: 641B
  MD5: 712dadba5a39228c5cf18dd0b940a35e
  SHA1: 59b9bb75c3dcce0ee29fdaf89b8de6abf16dbe70
  SHA256: ffa20b5fe6f6c5cf62cdc9057caa73ac2ecee8ac4c4e56310cc6730eacb8aad2
  SHA512: 4c7532322be26a140fb7cda7402c7cd5e3c53dffb0708aad45b7c6cabcc2f2b454e46efeac97e581d59d905a05d1ee73d8a4a2b873a3989a476dc86898fd723e

- Filesize: 5KB
  MD5: 757580f6e0106aa9dd79e27dfa6d79c1
  SHA1: 667aeb1eb4ea1fa45c318f840895d1f3ef8f489d
  SHA256: 5c90c11196ba4ad0d65c2ac2d6b4bfd25cbaf6d77848f4dad6fb604a9701b45e
  SHA512: b0c5b605c2b3bfa3e247aa62eddbc9dfcc1265e12b20fd679e449bdfff68ab8135e67ce877234e23c365c01020adb69676baa0ed97b4dbf2618d5bcf7c10e842

- Filesize: 6KB
  MD5: 5c9c137498ff030b8d5bfd9a9ee19795
  SHA1: da007b6a6a0a0c7ea7f7895b6eee4c558dde579a
  SHA256: 6c815f3b92cf6479cf2c372061fb85d7d4bb51e5836e13e605123343f095152d
  SHA512: cdb50b0f3ff9c26b9408da359770a9df04c4f2c6de7b7969eb90783a2de0c617ace8c3f63108ae3cfbd705486a07cf81c838d5592fd403fd6a4c1c9e142a2c58

- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

- Filesize: 11KB
  MD5: e3b84a779cf1004a40dbd6d381005dda
  SHA1: ca37c5fa9c70dad22d6c3a8eba9f44191ffa1a30
  SHA256: ba83b298ef1249fcc0dd825eefecfbcf4fa4329c640b4c815a4b5348605939d5
  SHA512: 6e29b34118c496be875419d955d4ba7d8d516b3ee86b3580ffa9b13d3f061a0d11b1d85e9d5459f72fbba4b6cdc01c772ce84d7986a4d0a1bd5a85397d13cd49