Analysis
Max time kernel: 145s
Max time network: 152s
Platform: windows10-2004_x64
Resource: win10v2004-20240802-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 06/09/2024, 09:20
Static task: static1
Behavioral task: behavioral1
  Sample: cf35ae47d2db72a56f5186ee2d7f22b2_JaffaCakes118.html
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: cf35ae47d2db72a56f5186ee2d7f22b2_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General
Target: cf35ae47d2db72a56f5186ee2d7f22b2_JaffaCakes118.html
Size: 47KB
MD5: cf35ae47d2db72a56f5186ee2d7f22b2
SHA1: 7eb07b1387b2972916ba329d9bf5b0bf741edd36
SHA256: bbb03e16f4aa680727d8e483b0588e2d497cd209c1b6bd69b3c7b7490153cd76
SHA512: 00241a9f022d55c790275b8db21a8cc95ac471e43974fec5876ab581ec60610d5c83fb24a0ff4e53ad208cd91197de0d94c66154a53b3aaaa55d69347f8927cd
SSDEEP: 768:dbXXmHHNEneajwZV8bBAtQW6sjdczkQSMXDj9M9FiSdO9B1tn2hMkULWcXsIAO9D:FXXCtU6kP9l8QHExVhL3Cb
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  184   msedge.exe
  184   msedge.exe
  4372  msedge.exe
  4372  msedge.exe
  332   identity_helper.exe
  332   identity_helper.exe
  1196  msedge.exe
  1196  msedge.exe
  1196  msedge.exe
  1196  msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (11 IoCs)
  pid   Process
  4372  msedge.exe  (11 identical entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  4372  msedge.exe  (25 identical entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  4372  msedge.exe  (24 identical entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description                         pid   Process     procid_target
  PID 4372 wrote to memory of 4472    4372  msedge.exe  83   (2 entries)
  PID 4372 wrote to memory of 1236    4372  msedge.exe  85   (40 entries)
  PID 4372 wrote to memory of 184     4372  msedge.exe  86   (2 entries)
  PID 4372 wrote to memory of 3660    4372  msedge.exe  87   (20 entries)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4372, depth 1)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\cf35ae47d2db72a56f5186ee2d7f22b2_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4472, depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff3b6346f8,0x7fff3b634708,0x7fff3b634718
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1236, depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4872649309216092678,8614974798887988940,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 184, depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,4872649309216092678,8614974798887988940,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3660, depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,4872649309216092678,8614974798887988940,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2544 /prefetch:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2608, depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4872649309216092678,8614974798887988940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1584, depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4872649309216092678,8614974798887988940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1876, depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4872649309216092678,8614974798887988940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2216, depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4872649309216092678,8614974798887988940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3184, depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4872649309216092678,8614974798887988940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2184, depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,4872649309216092678,8614974798887988940,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 332, depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,4872649309216092678,8614974798887988940,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
  Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3960, depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4872649309216092678,8614974798887988940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4996, depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4872649309216092678,8614974798887988940,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2648, depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4872649309216092678,8614974798887988940,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4784, depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4872649309216092678,8614974798887988940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1592, depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4872649309216092678,8614974798887988940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2692 /prefetch:1
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4768, depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4872649309216092678,8614974798887988940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1196, depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4872649309216092678,8614974798887988940,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1832 /prefetch:2
  Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 2532, depth 1)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 3720, depth 1)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads