Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 149s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29/08/2024, 14:25
Static task: static1
Behavioral task: behavioral1
    Sample: c900b724da3c8ddbc6a810b3c012661e_JaffaCakes118.html
    Resource: win7-20240729-en
Behavioral task: behavioral2
    Sample: c900b724da3c8ddbc6a810b3c012661e_JaffaCakes118.html
    Resource: win10v2004-20240802-en
General
Target: c900b724da3c8ddbc6a810b3c012661e_JaffaCakes118.html
Size: 75KB
MD5: c900b724da3c8ddbc6a810b3c012661e
SHA1: c64f92aeabc04426f663ba31b8ee1a522fb3a2d9
SHA256: f9c39e8df004cde4b5dc174437b76aefbf577d4d80e5c0d20b7af31ea74d52af
SHA512: f7f913afb214a89cb464bb69f6629f1057ffc9094bd1422b78ba2b0a01c40f1e0fe2148e050ac51def5df26f3f704a0742cf00b88da66acea63eb7dedd998c4e
SSDEEP: 768:h9+uuuLs9OG/J8mxZhcRCzA7iLrIb0BgB+enXki:h9+uuuLskWnxZhcRCzWWNBgB+enXki
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
    description        ioc                                                                          Process
    Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                           msedge.exe
    Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer         msedge.exe
    Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName          msedge.exe

Suspicious behavior: EnumeratesProcesses (12 IoCs)
    pid   Process
    1064  msedge.exe
    1064  msedge.exe
    556   msedge.exe
    556   msedge.exe
    1516  msedge.exe
    1516  msedge.exe
    4912  identity_helper.exe
    4912  identity_helper.exe
    4264  msedge.exe
    4264  msedge.exe
    4264  msedge.exe
    4264  msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
    pid   Process
    556   msedge.exe  (all 8 entries)

Suspicious use of FindShellTrayWindow (33 IoCs)
    pid   Process
    556   msedge.exe  (all 33 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
    pid   Process
    556   msedge.exe  (all 24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
    description                        pid   Process     procid_target
    PID 556 wrote to memory of 4252    556   msedge.exe  84
    PID 556 wrote to memory of 1556    556   msedge.exe  85
    PID 556 wrote to memory of 1064    556   msedge.exe  86
    PID 556 wrote to memory of 2616    556   msedge.exe  87
    (64 entries in total; the report repeats each of these four rows many times, the 1556 and 2616 rows most often)
Processes

PID 556  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c900b724da3c8ddbc6a810b3c012661e_JaffaCakes118.html
    signatures:
        Enumerates system info in registry
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory

    child processes of PID 556:

    PID 4252  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc9c6946f8,0x7ffc9c694708,0x7ffc9c694718

    PID 1556  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,13059838735953858412,12665606278580800867,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2

    PID 1064  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,13059838735953858412,12665606278580800867,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
        signatures: Suspicious behavior: EnumeratesProcesses

    PID 2616  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,13059838735953858412,12665606278580800867,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8

    PID 4224  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13059838735953858412,12665606278580800867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

    PID 4292  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13059838735953858412,12665606278580800867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

    PID 3084  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13059838735953858412,12665606278580800867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1

    PID 4396  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2052,13059838735953858412,12665606278580800867,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4680 /prefetch:8

    PID 4056  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13059838735953858412,12665606278580800867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

    PID 1516  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,13059838735953858412,12665606278580800867,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
        signatures: Suspicious behavior: EnumeratesProcesses

    PID 4020  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,13059838735953858412,12665606278580800867,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 /prefetch:8

    PID 4912  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,13059838735953858412,12665606278580800867,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 /prefetch:8
        signatures: Suspicious behavior: EnumeratesProcesses

    PID 368  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13059838735953858412,12665606278580800867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1

    PID 3212  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13059838735953858412,12665606278580800867,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1

    PID 4492  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13059838735953858412,12665606278580800867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1

    PID 1576  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13059838735953858412,12665606278580800867,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1

    PID 4264  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,13059838735953858412,12665606278580800867,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1124 /prefetch:2
        signatures: Suspicious behavior: EnumeratesProcesses

PID 2356  C:\Windows\System32\CompPkgSrv.exe
    command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 2512  C:\Windows\System32\CompPkgSrv.exe
    command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: e4f80e7950cbd3bb11257d2000cb885e
SHA1: 10ac643904d539042d8f7aa4a312b13ec2106035
SHA256: 1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124
SHA512: 2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Filesize: 152B
MD5: 2dc1a9f2f3f8c3cfe51bb29b078166c5
SHA1: eaf3c3dad3c8dc6f18dc3e055b415da78b704402
SHA256: dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa
SHA512: 682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Filesize: 497B
MD5: 2ce123c1e02205b496b9b1955b17c69b
SHA1: 22d7a616ad955eb404eac6ca5ff27319f3406fc1
SHA256: 11f000dea7040c56c66d2b95ffe47b1b00a3a3ee246307abdca321f9998ed0b7
SHA512: 844e8af24b3ed02d8555225a055d396c3ac4a0bd43a57db84b6a717b1b76241f84add1ad8d80d99f2780c6acdce5de710088ecf313f316ce5983816ec849d044

Filesize: 6KB
MD5: 326bb3ed3972087724ca71e2d50ce09b
SHA1: f17373170ee52c3ab4ee5cb776aaf918bb796ba5
SHA256: a78d3a22be7e522d33f99df44332d1a66e197c7b56fabe7a34cf6903ccc2207d
SHA512: 10bf84da8551a5d488c4415c18bcbff4871a29b35f0092ce05ce968979d98d781ce03d4890e176037958981af565b066e10ffbdb3023c8fee3e418aea723c690

Filesize: 5KB
MD5: ca7ce7ae93eff3e97fdcdc3ce15db098
SHA1: be7808df1266b09a022ade748265b3f33a071918
SHA256: 8bdd8b7da6414d1eb803c7e6d6fe9204754b80a72c05a397c590f562dbf22616
SHA512: c6ec46923dc28812f4cd48e5fc9239e5fe2a8d77431f8f59c0e203a0e5566769a67a731cb9937bc7a29efc09a03d224ae0fde9ccd4b338e220584683ae36a58e

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 11KB
MD5: c51b35eefd59acdc93b09e9808cc1c97
SHA1: 21e50fdcd668d27ebfbdcc2f21c8d8ea115bc4a2
SHA256: 1fb048771bd0329526f5a9e1be21d1f26708e72a4244c4e00e71a5ffc1f08839
SHA512: ef558a4411f8d231d9ae1849a670e051b30a56667010dd15fbd93de295fd76093a7e733133fb8fb7cec7c2d763f6cf473b28f243a1887a9bb6bd238878d354a6