Analysis
max time kernel: 145s
max time network: 146s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06/09/2024, 14:53
Static task: static1
Behavioral task behavioral1: sample cfcb8f9c91d74181c40839af661d4d79_JaffaCakes118.html, resource win7-20240903-en
Behavioral task behavioral2: sample cfcb8f9c91d74181c40839af661d4d79_JaffaCakes118.html, resource win10v2004-20240802-en
General
Target: cfcb8f9c91d74181c40839af661d4d79_JaffaCakes118.html
Size: 36KB
MD5: cfcb8f9c91d74181c40839af661d4d79
SHA1: 1112ea6ef7cbd1732d7f6cb4e297f4beabebed0e
SHA256: f8f80fb1d991f595f454ad075a969ce59f6408b278d8b412de342e2d243bc8a8
SHA512: 217580e0f1234ca4344c39dcdf397eaec0dc0eb4fdf029de1b84bc4c364e818bb69ea63f17d4bbe6e6071414408a2947d30b9a91d4c7c40ee7ca4702a6bda0f9
SSDEEP: 768:64FQW81D4RA+vEOjz6rdG2Gil54RZfPGnf3Gu34aNi6781DdRA4vEOjq6h8aRlR9:JFQW81D4RA+vEOjz6raA7Ia4C81DdRAW
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   process              rows
  4244  msedge.exe           2
  1920  msedge.exe           2
  2056  identity_helper.exe  2
  3260  msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   process     rows
  1920  msedge.exe  6

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   process     rows
  1920  msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   process     rows
  1920  msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   process     procid_target
  PID 1920 wrote to memory of 4612  1920  msedge.exe  86
  PID 1920 wrote to memory of 3748  1920  msedge.exe  87
  PID 1920 wrote to memory of 4244  1920  msedge.exe  88
  PID 1920 wrote to memory of 5028  1920  msedge.exe  89
  (the report lists 64 rows in total; each of these four distinct rows is repeated, and every write goes from PID 1920 to one of its own child processes)
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1920)
  command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\cfcb8f9c91d74181c40839af661d4d79_JaffaCakes118.html
  signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4612, child of 1920)
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff5a8746f8,0x7fff5a874708,0x7fff5a874718

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3748, child of 1920)
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,3060947439509250222,8899816559333390870,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4244, child of 1920)
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,3060947439509250222,8899816559333390870,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
      signatures:
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5028, child of 1920)
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,3060947439509250222,8899816559333390870,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2296, child of 1920)
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,3060947439509250222,8899816559333390870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1764, child of 1920)
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,3060947439509250222,8899816559333390870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3128, child of 1920)
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,3060947439509250222,8899816559333390870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2396 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4292, child of 1920)
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,3060947439509250222,8899816559333390870,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1376 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1616, child of 1920)
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,3060947439509250222,8899816559333390870,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2056, child of 1920)
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,3060947439509250222,8899816559333390870,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8
      signatures:
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4808, child of 1920)
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,3060947439509250222,8899816559333390870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3280, child of 1920)
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,3060947439509250222,8899816559333390870,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3260, child of 1920)
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,3060947439509250222,8899816559333390870,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5788 /prefetch:2
      signatures:
      - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe (PID 5044)
  command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 5036)
  command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
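The signature tables and the process tree above are the two pieces of evidence a reviewer has to join by hand: every WriteProcessMemory row is PID 1920 writing into a process it spawned itself, and every BIOS registry read comes from msedge.exe. The helper below is an added example, not part of the Triage report or of Hatching's tooling. It parses IoC rows in the exact text form the report uses, rebuilds parent/child links from the tree depth, and splits the memory writes into "browser broker setting up its own same-image child" (how a Chromium-based browser's sandbox broker initializes each sandboxed child, so expected for msedge.exe) versus anything else that deserves a manual look. The process tree is transcribed from this page as (pid, image, depth) tuples; the one injection-shaped row is constructed to show the negative case and is not in the report.

```python
import re

# Constructed input, transcribed from this report's process tree as
# (pid, image, depth). Triage prints the tree depth-first, so a depth-2 entry
# is a child of the closest preceding depth-1 entry.
PROCESS_TREE = [
    (1920, "msedge.exe", 1),
    (4612, "msedge.exe", 2),
    (3748, "msedge.exe", 2),
    (4244, "msedge.exe", 2),
    (5028, "msedge.exe", 2),
    (2296, "msedge.exe", 2),
    (1764, "msedge.exe", 2),
    (3128, "msedge.exe", 2),
    (4292, "msedge.exe", 2),
    (1616, "identity_helper.exe", 2),
    (2056, "identity_helper.exe", 2),
    (4808, "msedge.exe", 2),
    (3280, "msedge.exe", 2),
    (3260, "msedge.exe", 2),
    (5044, "CompPkgSrv.exe", 1),
    (5036, "CompPkgSrv.exe", 1),
]

# Constructed input: the distinct "Suspicious use of WriteProcessMemory" rows
# from the report (the page repeats each of them many times).
WPM_IOCS = """\
PID 1920 wrote to memory of 4612 1920 msedge.exe 86
PID 1920 wrote to memory of 3748 1920 msedge.exe 87
PID 1920 wrote to memory of 4244 1920 msedge.exe 88
PID 1920 wrote to memory of 5028 1920 msedge.exe 89
"""

# Constructed negative case that is NOT in the report: a write into a process
# the writer did not spawn, the shape cross-process injection has.
INJECTION_IOC = "PID 1920 wrote to memory of 5044 1920 msedge.exe 90\n"

# Constructed input: the "Enumerates system info in registry" rows from the report.
REG_IOCS = r"""
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe
"""

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")
REG_RE = re.compile(
    r"Key value queried \\REGISTRY\\MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS\\(\w+) (\S+)"
)


def parents_from_tree(tree):
    """Map pid -> parent pid (None for roots) from the depth-ordered tree."""
    parents, last_at_depth = {}, {}
    for pid, _image, depth in tree:
        parents[pid] = last_at_depth.get(depth - 1)
        last_at_depth[depth] = pid
        # A new entry at this depth closes any deeper subtree that came before it.
        for d in [d for d in last_at_depth if d > depth]:
            del last_at_depth[d]
    return parents


def classify_writes(tree, ioc_text):
    """Split WriteProcessMemory IoCs into two buckets of (writer, target) pairs.

    broker_to_child: the writer is the target's parent and both run the same
        image, i.e. a browser's sandbox broker initializing a child it spawned.
    review: everything else, including a parent writing into a child of a
        different image (process hollowing) or into an unrelated process.
    """
    parents = parents_from_tree(tree)
    images = {pid: image for pid, image, _ in tree}
    buckets = {"broker_to_child": [], "review": []}
    for m in WPM_RE.finditer(ioc_text):
        writer, target = int(m.group(1)), int(m.group(2))
        own_child = parents.get(target) == writer
        same_image = images.get(writer) == images.get(target)
        buckets["broker_to_child" if own_child and same_image else "review"].append((writer, target))
    return buckets


def bios_readers(ioc_text):
    """Map each BIOS value name queried to the set of processes that read it.

    SystemManufacturer and SystemProductName are also what VM-aware malware
    reads to fingerprint a sandbox, so the signature is only informational:
    what matters is which process does the reading.
    """
    readers = {}
    for m in REG_RE.finditer(ioc_text):
        readers.setdefault(m.group(1), set()).add(m.group(2))
    return readers


if __name__ == "__main__":
    for bucket, pairs in classify_writes(PROCESS_TREE, WPM_IOCS + INJECTION_IOC).items():
        print(bucket, pairs)
    print(bios_readers(REG_IOCS))
```

Run against the report's own rows, everything lands in broker_to_child and only msedge.exe appears as a BIOS reader; the constructed row targeting CompPkgSrv.exe (PID 5044) is the only one that lands in review. The same-image check is deliberate: a parent writing into a freshly spawned child of a different image is exactly what hollowing looks like, and should never be waved through as "broker setup".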
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: 9e3fc58a8fb86c93d19e1500b873ef6f
SHA1: c6aae5f4e26f5570db5e14bba8d5061867a33b56
SHA256: 828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4
SHA512: e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Filesize: 152B
MD5: 27304926d60324abe74d7a4b571c35ea
SHA1: 78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1
SHA256: 7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de
SHA512: f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Filesize: 572B
MD5: 458fea6d607cb1b574623eede2ab3d44
SHA1: f5e9f1a879e7ce188e5bf573e8cab8e1b8fb7c9f
SHA256: 7d51ef1e9aacc7f84460c47a963f1cb36bb11b69816da16ac7bae3db83a5838d
SHA512: ae1125e59453cb62b02d40b1b5eb9bd97d3f004390e53d53d25a6666b013169a42d4e4819d003ff33af5bcd1a20babaa73b40164142e4cdf7fdcd284db601262

Filesize: 378B
MD5: f9e41f65c68b857b26f4cc124dacfbcf
SHA1: 2a980ba4c708358dcfaee3f78d80282a69589648
SHA256: 4b62b045dc4326b3caea3e0cdb499e26dcceaceaca81680f90030db58e51dece
SHA512: d721153ee5e86221b9438fb355038d70f344eaf07246665af69ca694c8ddc1b17fbef3259c4b54639a65eee362952d7b1c750924a6e7e1a5c4b1e087c93eca26

Filesize: 6KB
MD5: 28ce7e65550834ab0ccd1b2b7ff64446
SHA1: 02134aaa4d7ecd637c8adda4bfbc027d7ab66e38
SHA256: 248a6e551e5ca15d60e3110a27a7b03763a76d4b32f2a4d608d371204fe746b0
SHA512: de38b4f36f3a599167ff2bd7c7385c821e58230227aff978f5917daf7351ee0723e3f0a6c1dc2dc5b906965d52f58200a8dc531f9d10dc3ae1750d178a741e93

Filesize: 6KB
MD5: bbae1a6baae0f4e4ab7ace918dca6d8b
SHA1: 0eafba9af8faff24e5ba2c5a5701c0add0d9619d
SHA256: 196be73edd31164ac28df06e7f6da187f7633ee487d9c53c0f0286e65d5915ec
SHA512: 0c8de1a81b0f72da252e8e0ec2aa3271903eb569ffcf809a8e3de9c0894b6ec8574376cf249ca41748583e6f10f87bec38c637e6c0634d2f01b6f52d73caec9c

Filesize: 6KB
MD5: a809d90220cd7cefa36d7ddf08f4b3cd
SHA1: d406325c2d6489de15f077362b1f7c123f6a426f
SHA256: 96a6448084f79faabc8c93629b3117d2a7997ba80a53d18ac3390d5b7ec0753c
SHA512: 903ec7fa458e1575aca330bb7ddff12a908b1ae11a05ae4421fad35df0c8e12ca30cd3e9e309772422ab14e23f619bba4dfc5e6ffc2b1781c277ad7923202f93

Filesize: 6KB
MD5: 8378b562b0fa948459c58a55c5e46fb3
SHA1: 28ca8494ef1858b4716f96632c06a3dcc689908c
SHA256: 392e7752b7237f5bec7bf458c057bf4803b22d9b7df2f4e9feac2ed8f50390a7
SHA512: a9d5a111c49369ee1f97b4bd1a95a685c240bfe3acb0bc8e0048e9107fcae7587e38de457b1b0a35fdc6d8b34d2ca1da19f1b30d592a0df3105d82d71eb301c6

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 10KB
MD5: 1be1b34f06d1de568799e5880f6f1799
SHA1: 594072ee30f712eec3e6561f6703fc5f5582a50b
SHA256: f2c11c21305a8007b9f0f94329981f3906c92510b4d0e6c7ef9f18ed3726aed3
SHA512: 2fcf9eb3ddedba6274d2a82d56acbef14cbd73fd2d7fb8f6ef036a48d447e4ee3d07b55c45fb5982908630c234aa1eb5590b52d5027351187a4d7915b9a5cfcd