Analysis
max time kernel: 145s
max time network: 139s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 01/10/2024, 06:09
Static task: static1
Behavioral task: behavioral1
  Sample: 04a35ff6592b1c22647c05072d2e5d2e_JaffaCakes118.html
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 04a35ff6592b1c22647c05072d2e5d2e_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General
Target: 04a35ff6592b1c22647c05072d2e5d2e_JaffaCakes118.html
Size: 32KB
MD5: 04a35ff6592b1c22647c05072d2e5d2e
SHA1: 30bf19abfb93c6d99d60b98f06841b4458847a2e
SHA256: 2b09245202e4bc19ed9c3bda8125a071288b1db1b4e9e1f1ad6fc87f83cba36a
SHA512: 4285fc9196627f5d58ed809332f041104777ca9df4c538d4c6f6a165f486628aa0d10fd63c559b23274825c39fc419c51594ef79ab40f3bc50ce0a2c14bf1f6f
SSDEEP: 768:az8d1oaz7NQjI+LCsCr5N0CfRTw6fNKNmAdXbCLPR:abaz7ajIAPo5N0Cflw6ydXbCLPR
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  4744  msedge.exe          (2 entries)
  3420  msedge.exe          (2 entries)
  3804  identity_helper.exe (2 entries)
  1776  msedge.exe          (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process
  3420  msedge.exe          (6 entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  3420  msedge.exe          (25 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  3420  msedge.exe          (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target
  PID 3420 wrote to memory of 3904  3420  msedge.exe  82             (2 entries)
  PID 3420 wrote to memory of 3668  3420  msedge.exe  83             (40 entries)
  PID 3420 wrote to memory of 4744  3420  msedge.exe  84             (2 entries)
  PID 3420 wrote to memory of 5072  3420  msedge.exe  85             (20 entries)
Processes

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\04a35ff6592b1c22647c05072d2e5d2e_JaffaCakes118.html
  PID: 3420
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbdffd46f8,0x7ffbdffd4708,0x7ffbdffd4718
      PID: 3904

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,2338044089287372563,6778264460744018550,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
      PID: 3668

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,2338044089287372563,6778264460744018550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 /prefetch:3
      PID: 4744
      - Suspicious behavior: EnumeratesProcesses

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,2338044089287372563,6778264460744018550,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
      PID: 5072

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2338044089287372563,6778264460744018550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
      PID: 3704

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2338044089287372563,6778264460744018550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
      PID: 548

    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,2338044089287372563,6778264460744018550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:8
      PID: 3800

    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,2338044089287372563,6778264460744018550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:8
      PID: 3804
      - Suspicious behavior: EnumeratesProcesses

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2338044089287372563,6778264460744018550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
      PID: 1800

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2338044089287372563,6778264460744018550,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
      PID: 3532

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2338044089287372563,6778264460744018550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
      PID: 3316

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2338044089287372563,6778264460744018550,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
      PID: 1276

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,2338044089287372563,6778264460744018550,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
      PID: 1776
      - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3592

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 720
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: 111c361619c017b5d09a13a56938bd54
SHA1: e02b363a8ceb95751623f25025a9299a2c931e07
SHA256: d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc
SHA512: fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Filesize: 152B
MD5: 983cbc1f706a155d63496ebc4d66515e
SHA1: 223d0071718b80cad9239e58c5e8e64df6e2a2fe
SHA256: cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c
SHA512: d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Filesize: 478B
MD5: b47e0ce41bb3119dd5cc5c9add637059
SHA1: 526f4e0dbffa0b13082ac5d434ee5206c001b057
SHA256: a370219ae4295a7a31c6ba0d10a288ff529a5b90d017dcccc0d6fb27fa345994
SHA512: a57e8dab226f165ff0a2eb982fd517015d305abf6c1b32e3aaf05577d6e9b231f7e8bbf3f93be5427854f8d52199f91da9c9a5afe924f3af42826ed15976541e

Filesize: 5KB
MD5: 86ffc6a2379812c7dfa914c344f725ae
SHA1: 587031482813595b4e8a20e7c62c6352b16fe4c0
SHA256: 708a86b5b7da2fc43fd0294d1d4b141b567b805830686a34186b7e3d23b058b9
SHA512: 9dafad6548293b3846dfda239bdeee7016023552cb807c71c69c48cdab3d0b085a8c896009161d743fa5363a1a82e36d2aee4e32e5d4e1ec0fa730e41fb69f5b

Filesize: 6KB
MD5: ccd328b97ca21c68993095f07e1f0232
SHA1: e125717eba1da3fa8a6292ad884c00c42281c1e9
SHA256: 6cb294ba4f0462a358b2aa8e9e9f09f4d8d199dba9dde44bc8867dcb30758eb7
SHA512: 135eab5464c534c1d3904fc40ab530dd8eff34db599b44ac7e3d410862ab98303e125d1172cbe0fc7c319d3aa7cb5b5a047594e0770cbccbc91978055f314e11

Filesize: 6KB
MD5: 40ab9f06f8ac339ee4c9f65f9a657116
SHA1: 193672fd3284ef3fe909e8590e15845195e5bf4f
SHA256: 4bd44fdb843db3651d79cdbda1f818f9709ac4afcd1fb2608e163644d319cc2e
SHA512: 0205e0fa04b7660b035c11ea8cec4f19e8bb8344f1922ac454b11c147e831bd068262b911693f8e53bf512e1203042caccfb2bfa8d39f876360aa0f389c5c419

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 10KB
MD5: 5c23edb7cb7be342c92083b661b0786a
SHA1: c623c6dea4c354e7dbd9a24444d24795f99a4421
SHA256: 484c3eb67f37e85e277b9e338cf15be4d93a635b301210e9dffb130f4d861aa4
SHA512: 935e1de88c07e1b0e2a3983a966b7b70fe6f417b87d1a9cb245f242a0e64bc2541a1d77bb47448a6e8f9de6faeb3396e6f48f0678e66545578fbff77cf54b638