Analysis
- max time kernel: 140s
- max time network: 127s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 28/08/2024, 21:05
Static task: static1
Behavioral task: behavioral1
- Sample: c7a64c27720e1c38ceba73ca9dccda78_JaffaCakes118.html
- Resource: win7-20240704-en
Behavioral task: behavioral2
- Sample: c7a64c27720e1c38ceba73ca9dccda78_JaffaCakes118.html
- Resource: win10v2004-20240802-en
General
- Target: c7a64c27720e1c38ceba73ca9dccda78_JaffaCakes118.html
- Size: 27KB
- MD5: c7a64c27720e1c38ceba73ca9dccda78
- SHA1: 6f2f65ad4f5bf5826d32fdc115ddb87d791b8d2d
- SHA256: d49c222d68ebf9a1a29885bc71985cb91385905e91a15bfe339079898c10659f
- SHA512: cb4ab47899c2cafe18ebb803bfaa93daea3da53db5315539e934d4892babc2950fbdba58d1584b07197f5d397159f84e0d9e96d0bf69a5492a0eea57070e74c0
- SSDEEP: 192:uWzzb5nxGnQjxn5Q/1nQieYNndnQOkEnt3LnQTbnBnQgHC6AzBEJWcwqHAHGCYrq:XQ/eBFKMi
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   process
  3576  msedge.exe (x2)
  3916  msedge.exe (x2)
  860   identity_helper.exe (x2)
  4660  msedge.exe (x4)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   process
  3916  msedge.exe (x6)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   process
  3916  msedge.exe (x25)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   process
  3916  msedge.exe (x24)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Every row has source PID 3916 (msedge.exe); the 64 rows collapse to four target processes:
  source            target pid  procid_target
  3916 msedge.exe   3724        87  (x2)
  3916 msedge.exe   320         88  (repeated)
  3916 msedge.exe   3576        89  (x2)
  3916 msedge.exe   1412        90  (repeated)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3916)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c7a64c27720e1c38ceba73ca9dccda78_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Children of PID 3916:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3724)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed9d146f8,0x7ffed9d14708,0x7ffed9d14718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 320)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,16445716853620893823,16766930710038984667,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3576)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,16445716853620893823,16766930710038984667,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1412)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,16445716853620893823,16766930710038984667,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3208)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16445716853620893823,16766930710038984667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2204)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16445716853620893823,16766930710038984667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2884)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,16445716853620893823,16766930710038984667,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6136 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 860)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,16445716853620893823,16766930710038984667,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6136 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3108)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16445716853620893823,16766930710038984667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2352)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16445716853620893823,16766930710038984667,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1720)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16445716853620893823,16766930710038984667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2244)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16445716853620893823,16766930710038984667,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4660)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,16445716853620893823,16766930710038984667,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5976 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 708)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 4468)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
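The WriteProcessMemory signature above is noisy (64 rows) but every row has the same shape: the browser process 3916 writing into a process it has itself just spawned, which is what a Chromium-based browser's broker does when it sets up a sandboxed child. The check a triager actually wants is whether any write crosses the process tree. The following is an added example, not tria.ge code: it parses the report's flattened IoC rows, collapses the repeats, and tags each (source, target) pair using the process tree transcribed from the Processes section. The IoC text is a condensed copy of the report's rows; the one row that targets PID 708 is constructed to show what the check flags and is not in the report.

```python
"""Cross-check tria.ge 'Suspicious use of WriteProcessMemory' IoCs against the
process tree.  Added example for this report; not tria.ge code."""
import re
from collections import Counter

# tria.ge renders each IoC row as:
#   "PID <src> wrote to memory of <dst> <src> <image> <procid_target>"
IOC_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")

# pid -> (image, parent pid), transcribed from the Processes section.
# Depth-1 entries in the report have no parent in the captured tree.
PROCESSES = {
    3916: ("msedge.exe", None),            # browser / sandbox broker
    3724: ("msedge.exe", 3916),            # --type=crashpad-handler
    320:  ("msedge.exe", 3916),            # --type=gpu-process
    3576: ("msedge.exe", 3916),            # network.mojom.NetworkService
    1412: ("msedge.exe", 3916),            # storage.mojom.StorageService
    3208: ("msedge.exe", 3916),            # renderer
    2204: ("msedge.exe", 3916),            # renderer
    2884: ("identity_helper.exe", 3916),
    860:  ("identity_helper.exe", 3916),
    3108: ("msedge.exe", 3916),            # renderer
    2352: ("msedge.exe", 3916),            # renderer
    1720: ("msedge.exe", 3916),            # renderer
    2244: ("msedge.exe", 3916),            # renderer
    4660: ("msedge.exe", 3916),            # gpu-process, relaunched
    708:  ("CompPkgSrv.exe", None),
    4468: ("CompPkgSrv.exe", None),
}

def parse_iocs(text):
    """Flattened IoC blob -> list of (src_pid, dst_pid, image, procid_target)."""
    return [(int(src), int(dst), image, int(target))
            for src, dst, _src_again, image, target in IOC_RE.findall(text)]

def summarise(iocs):
    """Collapse repeated rows into {(src_pid, dst_pid): count}."""
    return Counter((src, dst) for src, dst, _, _ in iocs)

def classify(iocs, processes):
    """Tag each distinct (src, dst) pair.

    'child'      - dst was spawned by src; a broker writing into a child it has
                   just created is the expected Chromium sandbox setup pattern
    'cross-tree' - dst is not a child of src, or is unknown to the tree; this
                   is the shape a genuine injection would have
    """
    tagged = {}
    for (src, dst), count in summarise(iocs).items():
        parent = processes.get(dst, (None, None))[1]
        kind = "child" if parent == src else "cross-tree"
        tagged[(src, dst)] = (kind, count)
    return tagged

def suspicious_writes(iocs, processes):
    """Sorted (src, dst) pairs that do not fit the parent -> child pattern."""
    return sorted(pair for pair, (kind, _) in classify(iocs, processes).items()
                  if kind == "cross-tree")

# Condensed from the report (the full section has 64 rows).
REPORT_IOCS = " ".join([
    "PID 3916 wrote to memory of 3724 3916 msedge.exe 87",
    "PID 3916 wrote to memory of 3724 3916 msedge.exe 87",
    "PID 3916 wrote to memory of 320 3916 msedge.exe 88",
    "PID 3916 wrote to memory of 320 3916 msedge.exe 88",
    "PID 3916 wrote to memory of 3576 3916 msedge.exe 89",
    "PID 3916 wrote to memory of 3576 3916 msedge.exe 89",
    "PID 3916 wrote to memory of 1412 3916 msedge.exe 90",
])
# Constructed, NOT in the report: the browser writing into an unrelated
# COM surrogate.  Included only to show what the check would flag.
CONSTRUCTED_CROSS_TREE = "PID 3916 wrote to memory of 708 3916 msedge.exe 91"

if __name__ == "__main__":
    for (src, dst), (kind, n) in classify(parse_iocs(REPORT_IOCS), PROCESSES).items():
        print(f"{src} -> {dst}: {kind} (x{n})")
    flagged = suspicious_writes(parse_iocs(REPORT_IOCS + " " + CONSTRUCTED_CROSS_TREE), PROCESSES)
    print("flagged:", flagged)
```

On the report's own rows the function returns nothing; the constructed row is flagged because 708 is a top-level process, not a child of 3916. An unknown target PID is treated as cross-tree on purpose: a write into a process that never appears in the captured tree deserves a look rather than a pass.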
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: f9664c896e19205022c094d725f820b6
  SHA1: f8f1baf648df755ba64b412d512446baf88c0184
  SHA256: 7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e
  SHA512: 3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae
- Filesize: 152B
  MD5: 847d47008dbea51cb1732d54861ba9c9
  SHA1: f2099242027dccb88d6f05760b57f7c89d926c0d
  SHA256: 10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1
  SHA512: bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f
- Filesize: 5KB
  MD5: 4d10483c1741f3ec5e5a3e946efff573
  SHA1: f8c6e1ee0d7c7683ce1cc0b6b5b03627af01ea08
  SHA256: 05c7264ae11aa4dc66929cdcbf3c75253b696193b2f0c3730b6c90ec60eec610
  SHA512: 4376311cc1b32ecc659262aa6e7e16b0c3157356ec408ee6150e03fb55a90a052172314a9d30f907251bbc885eefcf221b64b32197c17c6dcc5db32092b53482
- Filesize: 6KB
  MD5: 1c0dd63edafe3f1c43d4df3e192ffa6f
  SHA1: e5eb11f5d2b7623c07efe2ff0497224cb8f4771d
  SHA256: 92d074e950a47e452cc4a5eb86c1e9bbf1de8bec28b4185af83bb892be38f0d4
  SHA512: c00d46611814d0cd9b8e752ec78452f8b8336908533ba99e0ea1b4e3f80683cc210db7b1352c8b74ea2ebe1a0c03263a1f2923f58eea9c51bb5b7fbe012f04e7
- Filesize: 6KB
  MD5: 996f6a4eafc1a6ec74e79d3b43dea047
  SHA1: 09b1336958980d80220630b6a665ac74701cba57
  SHA256: bffc45439ff1d07a0ada8e8f2647f275a4cdb6388b184744d7ac7198ba8ba2db
  SHA512: 6cbe03d9895fc0c563279d368386f2242af0d7c666d90ed10f08ac9661a5619c0a39a1d10b156f2ac9d1eddbbc436fafd6cb9fb677d5e97dc9331b069d49dd56
- Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
- Filesize: 16B
  MD5: 206702161f94c5cd39fadd03f4014d98
  SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
- Filesize: 10KB
  MD5: 7a4003de0b5375f8a256972dc8375ed0
  SHA1: 7dbf906d6a1cfce1e2e65039d31e19772304e9d5
  SHA256: 8c01250d74c4c1ac05497eede460d78f3934b670432e8f12538f9a5e6e028788
  SHA512: a936a71e0aef1a99b42810f3cb79fe6b2b45969787be51a0d487e89e5bdfaa8776b3672a7a1d2405c9d30e1c86a0a3771f119aaace751e7248b00197a3e8dae0
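Before reusing any of the hashes on this page (the sample's in the General section, or the dropped files' above), check that the artefact you are holding is the one the report describes. The block below is an added example, not tria.ge code. It parses both layouts the page uses, the algorithm name and digest on separate lines and the fused "MD5<hex>" form from the Downloads section, validates digest lengths so a truncated copy-paste is caught, and compares against hashlib. ssdeep is left out because it is not in the standard library; the bytes hashed in the usage block are a constructed stand-in, since the sample itself is not reproduced on this page.

```python
"""Verify a local artefact against the hash lines of a tria.ge report.
Added example; not tria.ge code."""
import hashlib
import re

DIGEST_HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
# Algorithm name, optional separator, optional digest.  Longest names first so
# a fused "SHA256..." line is not read as "SHA1" followed by hex.
HASH_LINE = re.compile(r"^(SHA512|SHA256|SHA1|MD5)\s*:?\s*([0-9a-fA-F]*)$")

def digest_is_well_formed(algo, digest):
    """True when `digest` is lowercase hex of the length `algo` requires."""
    return (len(digest) == DIGEST_HEX_LEN[algo]
            and all(c in "0123456789abcdef" for c in digest))

def parse_hash_lines(lines):
    """Return {algo: digest} from report lines in either layout.

    Raises ValueError on a digest of the wrong length, so a clipped hash is
    never silently compared.
    """
    found = {}
    pending = None                      # algorithm seen on a line of its own
    for raw in lines:
        line = raw.strip()
        if pending:
            algo, digest, pending = pending, line.lower(), None
        else:
            m = HASH_LINE.match(line)
            if not m:
                continue
            algo, digest = m.group(1), m.group(2).lower()
            if not digest:              # bare "MD5" line: digest is on the next line
                pending = algo
                continue
        if not digest_is_well_formed(algo, digest):
            raise ValueError(f"{algo}: malformed digest {digest!r}")
        found[algo] = digest
    return found

def digests(data):
    """All four digests of `data`, keyed like the report."""
    return {algo: hashlib.new(algo.lower(), data).hexdigest() for algo in DIGEST_HEX_LEN}

def verify(data, expected):
    """{algo: match?} for every algorithm the report lists."""
    actual = digests(data)
    return {algo: actual[algo] == digest for algo, digest in expected.items()}

# The sample's hashes exactly as the General section lists them.
SAMPLE_REPORT_LINES = [
    "MD5", "c7a64c27720e1c38ceba73ca9dccda78",
    "SHA1", "6f2f65ad4f5bf5826d32fdc115ddb87d791b8d2d",
    "SHA256", "d49c222d68ebf9a1a29885bc71985cb91385905e91a15bfe339079898c10659f",
    "SHA512", "cb4ab47899c2cafe18ebb803bfaa93daea3da53db5315539e934d4892babc2950fbdba58d1584b07197f5d397159f84e0d9e96d0bf69a5492a0eea57070e74c0",
]
# First Downloads entry, in the fused form the page renders.
DOWNLOAD_REPORT_LINES = [
    "MD5f9664c896e19205022c094d725f820b6",
    "SHA1f8f1baf648df755ba64b412d512446baf88c0184",
    "SHA2567121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e",
    "SHA5123fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae",
]
# Constructed stand-in; the real sample is not reproduced on this page.
STAND_IN = b"<html><!-- constructed stand-in, not the sample --></html>"

if __name__ == "__main__":
    # Every algorithm should report False: these bytes are not the sample.
    print(verify(STAND_IN, parse_hash_lines(SAMPLE_REPORT_LINES)))
```

A single matching algorithm is not enough: require all listed digests to agree before treating a local file as this sample, since MD5 and SHA1 collisions are cheap to manufacture while SHA256 and SHA512 are not.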