Analysis
- max time kernel: 148s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240730-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240730-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 01/08/2024, 21:34
Static task
- static1
Behavioral task
- behavioral1
  Sample: 81cdca09bb9c0b177f6465fbb1e2305b_JaffaCakes118.html
  Resource: win7-20240704-en
- behavioral2
  Sample: 81cdca09bb9c0b177f6465fbb1e2305b_JaffaCakes118.html
  Resource: win10v2004-20240730-en
General
- Target: 81cdca09bb9c0b177f6465fbb1e2305b_JaffaCakes118.html
- Size: 53KB
- MD5: 81cdca09bb9c0b177f6465fbb1e2305b
- SHA1: d22b13e0d31a704ed06082cefa7a96a52f9a13a5
- SHA256: 92cfcfec4627bf7ba673a5e796a46a142dd00deca357fae9c86372a5123f3eda
- SHA512: 5e2b44759af4622195466c97d2c816e80752601f850ca5b389d5d25c14a80ef04301eb7b023d7325581d45e4670559c9bcdf7fb0c8d66b4deea07a00c3666876
- SSDEEP: 1536:CkgUiIakTqGivi+PyUXrunlY163Nj+q5VyvR0w2AzTICbb1oq/t9M/dNwIUTDmDZ:CkgUiIakTqGivi+PyUXrunlY163Nj+qn
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description       | ioc                                                                  | Process
  Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                   | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid  | Process
  2260 | msedge.exe
  2260 | msedge.exe
  4652 | msedge.exe
  4652 | msedge.exe
  884  | identity_helper.exe
  884  | identity_helper.exe
  2640 | msedge.exe
  2640 | msedge.exe
  2640 | msedge.exe
  2640 | msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid  | Process
  4652 | msedge.exe
  4652 | msedge.exe
  4652 | msedge.exe
  4652 | msedge.exe
  4652 | msedge.exe
  4652 | msedge.exe
  4652 | msedge.exe
- Suspicious use of FindShellTrayWindow (25 IoCs)
- Suspicious use of SendNotifyMessage (24 IoCs)
- Suspicious use of WriteProcessMemory (64 IoCs)
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\81cdca09bb9c0b177f6465fbb1e2305b_JaffaCakes118.html
  PID: 4652
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb75ef46f8,0x7ffb75ef4708,0x7ffb75ef4718
    PID: 4928
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2248,7089233877203928528,12342428283249430253,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2260 /prefetch:2
    PID: 1108
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2248,7089233877203928528,12342428283249430253,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
    PID: 2260
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2248,7089233877203928528,12342428283249430253,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2964 /prefetch:8
    PID: 4804
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7089233877203928528,12342428283249430253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
    PID: 1176
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7089233877203928528,12342428283249430253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
    PID: 2948
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7089233877203928528,12342428283249430253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
    PID: 4892
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2248,7089233877203928528,12342428283249430253,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8
    PID: 5016
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2248,7089233877203928528,12342428283249430253,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8
    PID: 884
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7089233877203928528,12342428283249430253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
    PID: 2792
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7089233877203928528,12342428283249430253,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
    PID: 4800
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7089233877203928528,12342428283249430253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
    PID: 2044
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7089233877203928528,12342428283249430253,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
    PID: 3324
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2248,7089233877203928528,12342428283249430253,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1900 /prefetch:2
    PID: 2640
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4592
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 980
Network
MITRE ATT&CK Enterprise v15
Downloads