Analysis
max time kernel: 145s
max time network: 137s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 21/08/2024, 00:00
Static task: static1
Behavioral task: behavioral1
  Sample: b16038834622abeceeb5978724d2b7dd_JaffaCakes118.html
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: b16038834622abeceeb5978724d2b7dd_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General
Target: b16038834622abeceeb5978724d2b7dd_JaffaCakes118.html
Size: 34KB
MD5: b16038834622abeceeb5978724d2b7dd
SHA1: fe5c518fb4b7ad23abf51b40f7413889aa37632e
SHA256: 54bd57db19bea021a9e4e702f7c2379bf5649b5477d8c3239e7ca72dd7bb3d4f
SHA512: 9b2ea5c290fb8c4987918dcf96e6823e3967178acbcd38df389852ed1493224e553b8b97ae22b2be6f0f36dfd39548c70c0268afd59cc337c30b2dfe014da121
SSDEEP: 384:1u70N+xo9tNcOV7ABLzl9w0dJ6tWJRUoM3MtP3zlBYoxXIquofCOHuh7mavcVoKF:1hNNtNdAT98t1oJ3coJqOHuh7xcdT9
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process | occurrences
  4740 | msedge.exe | 2
  4428 | msedge.exe | 2
  1084 | identity_helper.exe | 2
  5020 | msedge.exe | 4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid | Process | occurrences
  4428 | msedge.exe | 6
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process | occurrences
  4428 | msedge.exe | 25
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process | occurrences
  4428 | msedge.exe | 24
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target | occurrences
  PID 4428 wrote to memory of 2752 | 4428 | msedge.exe | 85 | 2
  PID 4428 wrote to memory of 2684 | 4428 | msedge.exe | 86 | 40
  PID 4428 wrote to memory of 4740 | 4428 | msedge.exe | 87 | 2
  PID 4428 wrote to memory of 208 | 4428 | msedge.exe | 88 | 20
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4428)
  command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b16038834622abeceeb5978724d2b7dd_JaffaCakes118.html
  signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2752)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeda2046f8,0x7ffeda204708,0x7ffeda204718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2684)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,5520274432533785401,12634894110089782779,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4740)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,5520274432533785401,12634894110089782779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
    signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 208)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,5520274432533785401,12634894110089782779,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 224)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5520274432533785401,12634894110089782779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1668)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5520274432533785401,12634894110089782779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 5080)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,5520274432533785401,12634894110089782779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1084)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,5520274432533785401,12634894110089782779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
    signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3704)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5520274432533785401,12634894110089782779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2932)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5520274432533785401,12634894110089782779,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4036)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5520274432533785401,12634894110089782779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3928 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1900)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5520274432533785401,12634894110089782779,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5020)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,5520274432533785401,12634894110089782779,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2988 /prefetch:2
    signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 2444)
  command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 3748)
  command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: f9664c896e19205022c094d725f820b6
  SHA1: f8f1baf648df755ba64b412d512446baf88c0184
  SHA256: 7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e
  SHA512: 3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae
- Filesize: 152B
  MD5: 847d47008dbea51cb1732d54861ba9c9
  SHA1: f2099242027dccb88d6f05760b57f7c89d926c0d
  SHA256: 10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1
  SHA512: bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f
- Filesize: 523B
  MD5: 85196db182dcb8a24e3e799efad07e11
  SHA1: bdff04a5b6e921bce4bebde4eb615d2eb9d921ab
  SHA256: 1b1ce97460a0bd2070f004fadae983012327917d7ec7e9b14daecfcc188e3800
  SHA512: f339d76147b9fa8776717e43dc53bbbe2df0a89de66418cbcd96fc98f62faaa1e77aba07d51eeef772d5c8155f70a8d967f302de1d3bcdc17ddfbdb7899bb193
- Filesize: 5KB
  MD5: d7a0fd62738714a5341c73eeb5d6dc73
  SHA1: a1a88bd66cf66493c2ede58713688eb44a40d598
  SHA256: 252adec4a1e075be84be5760eca321a0f38e10549325105fb1be253d05e98c7a
  SHA512: 8e8ee11f445f710e1feaf4378ea57aecaafb38b2a12716cb6adcc129c11556a7668f90145f74cc41733ee57302a53bc28131a4f5adbcd9717fb6eb0a56f45018
- Filesize: 6KB
  MD5: 2d3f9c667719cdabb68023c31befc09f
  SHA1: 8ee56537b35b9cbc7cf42be12fb00abcdabcd01e
  SHA256: 8a92ae79b5130b46b72d9bbf23367fea711dd2f7644aabe9971a94dcb0124170
  SHA512: fdf2a6115fc93cc71a93515dccf15ed05f9a474dd38db125b7b7fcf4fcdaf469290649c64abc9e7d65c3795927b36a7921be3cc03d7d7969ee772e251e82c04f
- Filesize: 6KB
  MD5: bd7661653d7677d717b6648f4ebd872e
  SHA1: f2dca07581b81a7569f7aca41992916932e9873a
  SHA256: cbde17166a192fe71d052746db64241f4477c8e79507742396c75367d7c8a15c
  SHA512: 0dd3f300181c7cffaa51b9175c6ee9a9dd0b3d094187d3aeacfc43555adac04c25606fec7049c833519229aaa16970310ef6f84f9ebb2626bf41565dd643ad7f
- Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
- Filesize: 16B
  MD5: 206702161f94c5cd39fadd03f4014d98
  SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
- Filesize: 10KB
  MD5: 03df19c10d206ed3221e11af4c0f0e0d
  SHA1: aead86d4a34c1483518deba0841047742e95812f
  SHA256: 45e94ea1f8168a88cee0978da66f362f77e3f2b2782907c4afe3534ebe511e72
  SHA512: aff34a6d6ae17aca6372e97dc8434d120622fb94b92ae334ddb04f36596587b3e6521426943cb7e35b314bb7ec4003dd05476da5c541cb36150b13d0c9fbfa30