Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 145s
max time network: 126s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 01/10/2024, 04:49
Static task: static1
Behavioral task: behavioral1
  Sample: 046cd5bce55aa7419258ad8e039d03fd_JaffaCakes118.html
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 046cd5bce55aa7419258ad8e039d03fd_JaffaCakes118.html
  Resource: win10v2004-20240802-en
(The Analysis figures, signatures, process tree and downloads on this page are from behavioral2, the windows10-2004_x64 run; the platform and resource fields above identify it.)
General
Target: 046cd5bce55aa7419258ad8e039d03fd_JaffaCakes118.html
Size:   6KB
MD5:    046cd5bce55aa7419258ad8e039d03fd
SHA1:   424a09afaaa258f091af626857a8963a50b8ebc5
SHA256: 641f382321625eecbd01461e4f855d26a5915eba285e93ed9efabf4cb2e2ee8c
SHA512: 4b3bae52ff07beadbba9eeab3b44ca0ef768886a022c525365b38db0e5499f47dacd3d3b18409f0ec9bb4da763eaf222662c73eec553a93d721c478e38ee0111
SSDEEP: 96:uzVs+ux7yELLY1k9o84d12ef7CSTUTLcEZ7ru7f:csz7yEAYS/ob76f
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                    process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  SystemManufacturer and SystemProductName are the BIOS values VM-detection code reads to spot a hypervisor, so this signature also fires on evasive malware. Here the reader is the browser process itself, which is why the hit has to be judged together with the process tree rather than on its own.

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid    process               rows
  464    msedge.exe            2
  2016   msedge.exe            2
  4736   identity_helper.exe   2
  3292   msedge.exe            4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid    process      rows
  2016   msedge.exe   6
  (six process creations by the parent carrying the "block non-Microsoft binaries" mitigation; Chromium-based browsers set this policy on some of their sandboxed children)

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid    process      rows
  2016   msedge.exe   25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid    process      rows
  2016   msedge.exe   24

Suspicious use of WriteProcessMemory (64 IoCs; repeated rows collapsed)
  description                       pid    process      procid_target   rows
  PID 2016 wrote to memory of 864   2016   msedge.exe   82              2
  PID 2016 wrote to memory of 4832  2016   msedge.exe   83              40
  PID 2016 wrote to memory of 464   2016   msedge.exe   84              2
  PID 2016 wrote to memory of 1604  2016   msedge.exe   85              20
  All four targets are helpers the same msedge.exe parent spawned: the crashpad handler (864), the GPU process (4832), the network service (464) and the storage service (1604); see Processes. A parent writing into a child it has just created is how Chromium-based browsers set up their sandboxed helpers, so these rows are expected for a browser opening an HTML file. The case an injection hunt looks for is a write into a process the writer did not create. Only the first four children appear as targets; the later renderers, identity_helper and the second GPU process are absent, consistent with the table being cut off at 64 rows.
Processes

msedge.exe  PID 2016  (top level)
  image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\046cd5bce55aa7419258ad8e039d03fd_JaffaCakes118.html
  signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  msedge.exe  PID 864  (child of 2016, crashpad-handler)
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff84c9246f8,0x7ff84c924708,0x7ff84c924718

  msedge.exe  PID 4832  (child of 2016, gpu-process)
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,17338345478591236895,5343488797519051958,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2

  msedge.exe  PID 464  (child of 2016, utility: network.mojom.NetworkService)
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,17338345478591236895,5343488797519051958,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
    signatures: Suspicious behavior: EnumeratesProcesses

  msedge.exe  PID 1604  (child of 2016, utility: storage.mojom.StorageService)
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,17338345478591236895,5343488797519051958,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:8

  msedge.exe  PID 2128  (child of 2016, renderer)
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17338345478591236895,5343488797519051958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

  msedge.exe  PID 4960  (child of 2016, renderer)
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17338345478591236895,5343488797519051958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

  identity_helper.exe  PID 4708  (child of 2016, utility: winrt_app_id.mojom.WinrtAppIdService)
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,17338345478591236895,5343488797519051958,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 /prefetch:8

  identity_helper.exe  PID 4736  (child of 2016, utility: winrt_app_id.mojom.WinrtAppIdService)
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,17338345478591236895,5343488797519051958,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 /prefetch:8
    signatures: Suspicious behavior: EnumeratesProcesses

  msedge.exe  PID 2328  (child of 2016, renderer)
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17338345478591236895,5343488797519051958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1

  msedge.exe  PID 3628  (child of 2016, renderer, instant-process)
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17338345478591236895,5343488797519051958,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1

  msedge.exe  PID 4844  (child of 2016, renderer)
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17338345478591236895,5343488797519051958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1

  msedge.exe  PID 2040  (child of 2016, renderer, instant-process)
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17338345478591236895,5343488797519051958,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1

  msedge.exe  PID 3292  (child of 2016, gpu-process, GPU sandbox disabled)
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,17338345478591236895,5343488797519051958,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2928 /prefetch:2
    signatures: Suspicious behavior: EnumeratesProcesses

CompPkgSrv.exe  PID 4420  (top level, COM-launched)
  cmdline: C:\Windows\System32\CompPkgSrv.exe -Embedding

CompPkgSrv.exe  PID 3428  (top level, COM-launched)
  cmdline: C:\Windows\System32\CompPkgSrv.exe -Embedding
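The WriteProcessMemory signature above only becomes meaningful once each target PID is placed in the process tree: a parent writing into a child it just spawned is normal browser start-up, a write into an unrelated process is the injection case. The script below is an added example, not part of the tria.ge report or of any tria.ge tooling. It embeds the process tree from the Processes section as a pid-to-parent map, parses rows in the flattened "PID <src> wrote to memory of <dst> ..." form the report prints, collapses the repeats, and tags each (writer, target) pair. The input is constructed: five rows copied from the report plus one hypothetical row (2016 writing into CompPkgSrv.exe 4420) that is not in the report and exists only to exercise the "unrelated" branch. The trailing procid_target number is treated as a report-internal index rather than a Windows PID, which is an assumption.

```python
import re
from collections import Counter

# Process tree reconstructed from the report's Processes section:
# pid -> (image name, parent pid). Top-level processes have parent None.
PROCESS_TREE = {
    2016: ("msedge.exe", None),           # browser process that opened the .html
    864:  ("msedge.exe", 2016),           # --type=crashpad-handler
    4832: ("msedge.exe", 2016),           # --type=gpu-process
    464:  ("msedge.exe", 2016),           # network.mojom.NetworkService
    1604: ("msedge.exe", 2016),           # storage.mojom.StorageService
    2128: ("msedge.exe", 2016),           # --type=renderer
    4960: ("msedge.exe", 2016),           # --type=renderer
    4708: ("identity_helper.exe", 2016),  # WinrtAppIdService
    4736: ("identity_helper.exe", 2016),  # WinrtAppIdService
    2328: ("msedge.exe", 2016),           # --type=renderer
    3628: ("msedge.exe", 2016),           # --type=renderer
    4844: ("msedge.exe", 2016),           # --type=renderer
    2040: ("msedge.exe", 2016),           # --type=renderer
    3292: ("msedge.exe", 2016),           # --type=gpu-process (GPU sandbox disabled)
    4420: ("CompPkgSrv.exe", None),       # COM-launched (-Embedding)
    3428: ("CompPkgSrv.exe", None),       # COM-launched (-Embedding)
}

# One row of the "Suspicious use of WriteProcessMemory" table as the report
# flattens it: "PID <src> wrote to memory of <dst> <src> <image> <idx>".
# The trailing number is the procid_target column, assumed here to be a
# report-internal process index and not a Windows PID.
ROW_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")

# Constructed input: five rows copied from the report plus ONE hypothetical
# row (2016 -> 4420) that is NOT in the report, added to show the
# "unrelated" path.
SAMPLE_ROWS = (
    "PID 2016 wrote to memory of 864 2016 msedge.exe 82 "
    "PID 2016 wrote to memory of 864 2016 msedge.exe 82 "
    "PID 2016 wrote to memory of 4832 2016 msedge.exe 83 "
    "PID 2016 wrote to memory of 464 2016 msedge.exe 84 "
    "PID 2016 wrote to memory of 1604 2016 msedge.exe 85 "
    "PID 2016 wrote to memory of 4420 2016 msedge.exe 99"   # hypothetical row
)


def relation(src, dst, tree):
    """Classify dst relative to src: child, descendant, unrelated or unknown."""
    if src not in tree or dst not in tree:
        return "unknown"
    pid, depth = tree[dst][1], 0
    while pid is not None:                 # walk up from dst towards the root
        depth += 1
        if pid == src:
            return "child" if depth == 1 else "descendant"
        pid = tree[pid][1] if pid in tree else None
    return "unrelated"


def triage_writes(raw, tree=PROCESS_TREE):
    """Parse flattened rows, collapse repeats per (src, dst) and tag each pair."""
    counts, images = Counter(), {}
    for m in ROW_RE.finditer(raw):
        src, dst, _, image, _ = m.groups()
        counts[(int(src), int(dst))] += 1
        images[int(src)] = image
    rows = []
    for (src, dst), n in sorted(counts.items()):
        rows.append({
            "src": src, "src_image": images[src],
            "dst": dst, "dst_image": tree.get(dst, ("?", None))[0],
            "count": n, "relation": relation(src, dst, tree),
        })
    return rows


def suspicious(rows):
    """Writes into processes the writer did not spawn are the ones worth chasing."""
    return [r for r in rows if r["relation"] in ("unrelated", "unknown")]


if __name__ == "__main__":
    rows = triage_writes(SAMPLE_ROWS)
    for r in rows:
        print(f"{r['src']} {r['src_image']} -> {r['dst']} {r['dst_image']}: "
              f"{r['count']} write(s), {r['relation']}")
    print("to investigate:", [r["dst"] for r in suspicious(rows)])
```

Run against the full 64-row table from the report, every pair comes back as "child" and `suspicious()` is empty; only the constructed 4420 row is flagged. The same split works for any sandbox output that gives you a parent-child tree and a list of cross-process writes.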
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
  MD5:    53bc70ecb115bdbabe67620c416fe9b3
  SHA1:   af66ec51a13a59639eaf54d62ff3b4f092bb2fc1
  SHA256: b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771
  SHA512: cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Filesize: 152B
  MD5:    e765f3d75e6b0e4a7119c8b14d47d8da
  SHA1:   cc9f7c7826c2e1a129e7d98884926076c3714fc0
  SHA256: 986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89
  SHA512: a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Filesize: 5KB
  MD5:    a01dd848666885a9c806473b1fc9394c
  SHA1:   0b6f6a51c186c9727ca79cdb9d119767264b3b2f
  SHA256: 1a34a20477e11418255ca52ae80bd968fbfc0c8c13d5eaf27de4b95f82fb4eef
  SHA512: 9a4feb10a1bb94fe2192a431be880b0bfa8b188d52ab8fb7bc84dae40c4e4df23f6368652b19ddb8796ad89f2cd1b8a482b6a945e945545e7ecb6e6e445ba30b

Filesize: 6KB
  MD5:    8ab5c6bff9115a55de5852056643d1f9
  SHA1:   4b491f1ba6cab1ea08ae87eb68b9312881fcac99
  SHA256: 2d019213b3ff0272cc2c3ca3e8912dfee335716621fe0a28db981f41b184ec71
  SHA512: 5ae4045ef9c95577d69cf2fac06331d944db6a9c3aa3da0088ba38f62bb34159a85f019623bc39f953e4641bccac934d72794ca7849314b183c01b1dd65a8b48

Filesize: 16B
  MD5:    6752a1d65b201c13b62ea44016eb221f
  SHA1:   58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 10KB
  MD5:    8beb5fd2c6414a63a5b22822afa8e1d5
  SHA1:   b1d83c9cb194f227f89fb64e16d40fa60519e4e0
  SHA256: 295c7602d678ff3a742a940fdc2697fc728ee042a710628695ddfa1e0580facc
  SHA512: e178be9bd47c0e522431b410676b218c0b81647e55a8d041a61a662af3a2186aabba7448d6f2874424f64069458b2cd3a1e20495c5da8d5c42e4457ba5eb998b
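The hash lists in General and Downloads are what an analyst carries out of this page, and as the page extracts them the label is glued to the digest ("MD553bc..."). The script below is an added example, not part of the tria.ge report or its tooling: it parses entries in exactly that glued form, rejects any digest whose hex length does not match its algorithm (a truncated or mis-copied hash is worse than none as an indicator), and recomputes MD5, SHA1, SHA256 and SHA512 of a local file so a retrieved artifact can be confirmed against the report before it is trusted. The embedded download text is the first two Downloads entries copied from this page; the byte string used for the verification round trip is constructed and stands in for a real file.

```python
import hashlib
import re

# Hex-digit length of each digest the report lists; a string of the wrong
# length was truncated or mis-copied and must not be used as an indicator.
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
ALGO = {"MD5": "md5", "SHA1": "sha1", "SHA256": "sha256", "SHA512": "sha512"}

# A label glued to its digest, e.g. "MD553bc70ec...". Alternatives are tried in
# order, so "SHA1" is tested before "SHA256"/"SHA512" and cannot swallow them.
LABEL_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s*([0-9a-fA-F]+)$")
SIZE_RE = re.compile(r"^\d+(B|KB|MB)$")

# Constructed input: the first two Downloads entries as the report prints them.
SAMPLE_DOWNLOADS = """\
Filesize
152B
MD553bc70ecb115bdbabe67620c416fe9b3
SHA1af66ec51a13a59639eaf54d62ff3b4f092bb2fc1
SHA256b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771
SHA512cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921
-
Filesize
152B
MD5e765f3d75e6b0e4a7119c8b14d47d8da
SHA1cc9f7c7826c2e1a129e7d98884926076c3714fc0
SHA256986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89
SHA512a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079
"""


def parse_download_entries(text):
    """Turn 'Filesize / <size> / MD5<hex> / SHA1<hex> ...' runs into dicts."""
    entries, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        if line == "Filesize":            # each entry starts with this label
            cur = {}
            entries.append(cur)
        elif cur is None:
            continue
        elif "size" not in cur and SIZE_RE.match(line):
            cur["size"] = line
        else:
            m = LABEL_RE.match(line)
            if not m:                     # separators such as "-" are skipped
                continue
            name, hexdigest = m.group(1), m.group(2).lower()
            if len(hexdigest) != HEX_LEN[name]:
                raise ValueError(
                    f"{name} digest has {len(hexdigest)} hex chars, "
                    f"expected {HEX_LEN[name]}")
            cur[name] = hexdigest
    return entries


def digests(data):
    """All four digests of a byte string, keyed like the report."""
    return {name: hashlib.new(algo, data).hexdigest() for name, algo in ALGO.items()}


def verify(data, expected):
    """Names of the algorithms whose digest does NOT match; an empty list means
    the local bytes are the artifact the report describes."""
    got = digests(data)
    return [name for name in expected if name in got and got[name] != expected[name]]


if __name__ == "__main__":
    for e in parse_download_entries(SAMPLE_DOWNLOADS):
        print(e["size"], e["SHA256"])
    blob = b"constructed stand-in for a downloaded file"   # not a real artifact
    print("mismatches:", verify(blob, digests(blob)))
```

To check a retrieved file, read it as bytes and pass the parsed entry to `verify()`; anything other than an empty list means you do not have the artifact the report describes. Checking all four digests rather than MD5 alone costs nothing and removes the weak algorithm from the decision.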