Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
145s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
01/10/2024, 03:28
Static task
static1
Behavioral task
behavioral1
Sample
04344df2080cb734c912b2af86f10cd4_JaffaCakes118.html
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
04344df2080cb734c912b2af86f10cd4_JaffaCakes118.html
Resource
win10v2004-20240802-en
General
-
Target
04344df2080cb734c912b2af86f10cd4_JaffaCakes118.html
-
Size
11KB
-
MD5
04344df2080cb734c912b2af86f10cd4
-
SHA1
53217b4409909ee9dbe1a78c4c7386f5152af696
-
SHA256
61890b88dab9d53463947cdfd73bd0ca95692463121d12434bed6e792fda37ff
-
SHA512
16facc756139f84f2824c79f4e23aa1a113e8d5fa16d004f842d5df1b4efe71ae368d5a3d043869109fd8aa28af68a94d9236a262984ffe0f94f6717e3683992
-
SSDEEP
192:Zy2RP9q5xy17qGDEDzRafXDYF5cHvk/OZb8m+Ii:s2RPP1YITY4HMX
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 4772 msedge.exe 4772 msedge.exe 2232 msedge.exe 2232 msedge.exe 1328 identity_helper.exe 1328 identity_helper.exe 4584 msedge.exe 4584 msedge.exe 4584 msedge.exe 4584 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
pid Process 2232 msedge.exe 2232 msedge.exe 2232 msedge.exe 2232 msedge.exe 2232 msedge.exe 2232 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 2232 msedge.exe 2232 msedge.exe 2232 msedge.exe 2232 msedge.exe 2232 msedge.exe 2232 msedge.exe 2232 msedge.exe 2232 msedge.exe 2232 msedge.exe 2232 msedge.exe 2232 msedge.exe 2232 msedge.exe 2232 msedge.exe 2232 msedge.exe 2232 msedge.exe 2232 msedge.exe 2232 msedge.exe 2232 msedge.exe 2232 msedge.exe 2232 msedge.exe 2232 msedge.exe 2232 msedge.exe 2232 msedge.exe 2232 msedge.exe 2232 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 2232 msedge.exe 2232 msedge.exe 2232 msedge.exe 2232 msedge.exe 2232 msedge.exe 2232 msedge.exe 2232 msedge.exe 2232 msedge.exe 2232 msedge.exe 2232 msedge.exe 2232 msedge.exe 2232 msedge.exe 2232 msedge.exe 2232 msedge.exe 2232 msedge.exe 2232 msedge.exe 2232 msedge.exe 2232 msedge.exe 2232 msedge.exe 2232 msedge.exe 2232 msedge.exe 2232 msedge.exe 2232 msedge.exe 2232 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2232 wrote to memory of 4500 2232 msedge.exe 82 PID 2232 wrote to memory of 4500 2232 msedge.exe 82 PID 2232 wrote to memory of 3152 2232 msedge.exe 83 PID 2232 wrote to memory of 3152 2232 msedge.exe 83 PID 2232 wrote to memory of 3152 2232 msedge.exe 83 PID 2232 wrote to memory of 3152 2232 msedge.exe 83 PID 2232 wrote to memory of 3152 2232 msedge.exe 83 PID 2232 wrote to memory of 3152 2232 msedge.exe 83 PID 2232 wrote to memory of 3152 2232 msedge.exe 83 PID 2232 wrote to memory of 3152 2232 msedge.exe 83 PID 2232 wrote to memory of 3152 2232 msedge.exe 83 PID 2232 wrote to memory of 3152 2232 msedge.exe 83 PID 2232 wrote to memory of 3152 2232 msedge.exe 83 PID 2232 wrote to memory of 3152 2232 msedge.exe 83 PID 2232 wrote to memory of 3152 2232 msedge.exe 83 PID 2232 wrote to memory of 3152 2232 msedge.exe 83 PID 2232 wrote to memory of 3152 2232 msedge.exe 83 PID 2232 wrote to memory of 3152 2232 msedge.exe 83 PID 2232 wrote to memory of 3152 2232 msedge.exe 83 PID 2232 wrote to memory of 3152 2232 msedge.exe 83 PID 2232 wrote to memory of 3152 2232 msedge.exe 83 PID 2232 wrote to memory of 3152 2232 msedge.exe 83 PID 2232 wrote to memory of 3152 2232 msedge.exe 83 PID 2232 wrote to memory of 3152 2232 msedge.exe 83 PID 2232 wrote to memory of 3152 2232 msedge.exe 83 PID 2232 wrote to memory of 3152 2232 msedge.exe 83 PID 2232 wrote to memory of 3152 2232 msedge.exe 83 PID 2232 wrote to memory of 3152 2232 msedge.exe 83 PID 2232 wrote to memory of 3152 2232 msedge.exe 83 PID 2232 wrote to memory of 3152 2232 msedge.exe 83 PID 2232 wrote to memory of 3152 2232 msedge.exe 83 PID 2232 wrote to memory of 3152 2232 msedge.exe 83 PID 2232 wrote to memory of 3152 2232 msedge.exe 83 PID 2232 wrote to memory of 3152 2232 msedge.exe 83 PID 2232 wrote to memory of 3152 2232 msedge.exe 83 PID 2232 wrote to memory of 3152 2232 msedge.exe 83 PID 2232 wrote to memory of 3152 2232 msedge.exe 83 PID 2232 wrote to memory of 3152 2232 msedge.exe 83 PID 2232 wrote to memory of 3152 2232 msedge.exe 83 PID 2232 wrote to memory of 3152 2232 msedge.exe 83 PID 2232 wrote to memory of 3152 2232 msedge.exe 83 PID 2232 wrote to memory of 3152 2232 msedge.exe 83 PID 2232 wrote to memory of 4772 2232 msedge.exe 84 PID 2232 wrote to memory of 4772 2232 msedge.exe 84 PID 2232 wrote to memory of 3488 2232 msedge.exe 85 PID 2232 wrote to memory of 3488 2232 msedge.exe 85 PID 2232 wrote to memory of 3488 2232 msedge.exe 85 PID 2232 wrote to memory of 3488 2232 msedge.exe 85 PID 2232 wrote to memory of 3488 2232 msedge.exe 85 PID 2232 wrote to memory of 3488 2232 msedge.exe 85 PID 2232 wrote to memory of 3488 2232 msedge.exe 85 PID 2232 wrote to memory of 3488 2232 msedge.exe 85 PID 2232 wrote to memory of 3488 2232 msedge.exe 85 PID 2232 wrote to memory of 3488 2232 msedge.exe 85 PID 2232 wrote to memory of 3488 2232 msedge.exe 85 PID 2232 wrote to memory of 3488 2232 msedge.exe 85 PID 2232 wrote to memory of 3488 2232 msedge.exe 85 PID 2232 wrote to memory of 3488 2232 msedge.exe 85 PID 2232 wrote to memory of 3488 2232 msedge.exe 85 PID 2232 wrote to memory of 3488 2232 msedge.exe 85 PID 2232 wrote to memory of 3488 2232 msedge.exe 85 PID 2232 wrote to memory of 3488 2232 msedge.exe 85 PID 2232 wrote to memory of 3488 2232 msedge.exe 85 PID 2232 wrote to memory of 3488 2232 msedge.exe 85
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\04344df2080cb734c912b2af86f10cd4_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2232 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8996946f8,0x7ff899694708,0x7ff8996947182⤵PID:4500
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,8194337075961749031,3306026688609436253,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:22⤵PID:3152
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,8194337075961749031,3306026688609436253,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4772
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,8194337075961749031,3306026688609436253,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:82⤵PID:3488
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8194337075961749031,3306026688609436253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:12⤵PID:1540
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8194337075961749031,3306026688609436253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:12⤵PID:2644
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,8194337075961749031,3306026688609436253,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 /prefetch:82⤵PID:636
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,8194337075961749031,3306026688609436253,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1328
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8194337075961749031,3306026688609436253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:12⤵PID:5040
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8194337075961749031,3306026688609436253,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:12⤵PID:1668
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8194337075961749031,3306026688609436253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:12⤵PID:4896
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8194337075961749031,3306026688609436253,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:12⤵PID:1516
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,8194337075961749031,3306026688609436253,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2636 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:4584
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2832
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1800
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD553bc70ecb115bdbabe67620c416fe9b3
SHA1af66ec51a13a59639eaf54d62ff3b4f092bb2fc1
SHA256b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771
SHA512cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921
-
Filesize
152B
MD5e765f3d75e6b0e4a7119c8b14d47d8da
SHA1cc9f7c7826c2e1a129e7d98884926076c3714fc0
SHA256986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89
SHA512a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079
-
Filesize
546B
MD51517274c4e5dd2789f4bed35ef2fecff
SHA148bcf741bbd837cadcd8420693d63758feaa14a0
SHA256fb2009b7df886bc953222a0ecb4c1458745560c53567ba558de329dd16091d38
SHA512cff0b4e685ec70f17cd43fd6f6615dcc41ba4a0c7441d18262d847f4dca6603e21850e0439559b702a58810e2221430e96d64f89845797a867b38df09b948ff4
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
5KB
MD55524baffdb18117e0cdd0095ae41cc3a
SHA1a7f6d8b1ff4a7455bc3b971ef5c9b1a629fcb82a
SHA256877940fbaa47bde8ea40e992e8a051b7f56a2c1fdaa7a103b971ec1856deeb92
SHA512ebf086878ba16ca9c2175acffaf18aa74f008c920da4d403d0fedefcaf67790226b75253199d131b1c2e60bc59ecbb0d377f788d47c11eceb19e9c6f1cfe4d74
-
Filesize
6KB
MD57bf9bb8851d9512d16dbd50fcd05142d
SHA1527c7d89f44aff0a6c3dad0709cc3cea4136fcd7
SHA256678e9cd613f0801505be05afaf8f967371821650f675e32037a957b5fb176100
SHA512122d387663dab08ba2544f6cc7cc20dcf070d971f67e5d83b42b232ff032cc55024180f9293cf941205c3d0d0821a22f8f87d56760122a4b0c623a9e61de2d5d
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD5d5a9ce4351628cdda498e7b82c68450b
SHA19d115a1ba3dde91e033ba41830d5f3aad23d074d
SHA2567b26302d0de9153b9c9e924f96153b7d307364ee69cd3db9e0a619485daac929
SHA51260cd343aed5e50f29014eff1c06765cda407e65ac01b1341cebc714dd777f68297bf7f5c5dfb506c5d9895a1e2b087bee15cf9a2a45a495d16f5948f77c187ba