Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 145s
- max time network: 138s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 07/09/2024, 00:20
Static task: static1
Behavioral task: behavioral1
- Sample: d0b6bb566056dc1efead6f2998579397_JaffaCakes118.html
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: d0b6bb566056dc1efead6f2998579397_JaffaCakes118.html
- Resource: win10v2004-20240802-en
General
- Target: d0b6bb566056dc1efead6f2998579397_JaffaCakes118.html
- Size: 144KB
- MD5: d0b6bb566056dc1efead6f2998579397
- SHA1: 035dd34949c2996f1ebbf1e3eecbb17b2277ea99
- SHA256: 87bd9300ce9c5c266688538799e3e149b9c6f388d34ad7f4ce228575bba7845f
- SHA512: a2d5da7febe113d8361445ec220afa4c6c3e4cd14cd2b660028701f3a9cd6aef563c156c27ad67aa1917a098ded786e52a412c641f7c7e883bcbd9242facc4e2
- SSDEEP: 1536:ZsPuhuTIpeWw5A+rUmXI8QG4ZgsU8SoOfC+Ae9DncUFliNsIlmds78vgwYjIB3Tp:ZsPuhuTIpEN
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description       | ioc                                                                   | Process
  Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid  | Process             | entries
  3368 | msedge.exe          | 2
  1536 | msedge.exe          | 2
  3304 | identity_helper.exe | 2
  4796 | msedge.exe          | 4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid  | Process    | entries
  1536 | msedge.exe | 7
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid  | Process    | entries
  1536 | msedge.exe | 25
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid  | Process    | entries
  1536 | msedge.exe | 24
- Suspicious use of WriteProcessMemory (64 IoCs)
  description                      | pid  | Process    | procid_target
  PID 1536 wrote to memory of 3648 | 1536 | msedge.exe | 84
  PID 1536 wrote to memory of 2068 | 1536 | msedge.exe | 85
  PID 1536 wrote to memory of 3368 | 1536 | msedge.exe | 86
  PID 1536 wrote to memory of 4888 | 1536 | msedge.exe | 87
  (the original listing repeats each of these rows; all 64 entries originate from PID 1536)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d0b6bb566056dc1efead6f2998579397_JaffaCakes118.html
  PID: 1536
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa67b646f8,0x7ffa67b64708,0x7ffa67b64718
    PID: 3648
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,12208831518763372600,4029700043194207019,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
    PID: 2068
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,12208831518763372600,4029700043194207019,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
    PID: 3368
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,12208831518763372600,4029700043194207019,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
    PID: 4888
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12208831518763372600,4029700043194207019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
    PID: 2108
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12208831518763372600,4029700043194207019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
    PID: 1164
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12208831518763372600,4029700043194207019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
    PID: 400
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,12208831518763372600,4029700043194207019,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5812 /prefetch:8
    PID: 2564
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,12208831518763372600,4029700043194207019,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5812 /prefetch:8
    PID: 3304
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12208831518763372600,4029700043194207019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
    PID: 4516
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12208831518763372600,4029700043194207019,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
    PID: 3060
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12208831518763372600,4029700043194207019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
    PID: 4312
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12208831518763372600,4029700043194207019,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
    PID: 1608
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,12208831518763372600,4029700043194207019,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4896 /prefetch:2
    PID: 4796
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2948
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1608
Network
MITRE ATT&CK Enterprise v15
Downloads