Analysis
  max time kernel:   149s
  max time network:  152s
  platform:          windows10-2004_x64
  resource:          win10v2004-20240910-en
  resource tags:     arch:x64, arch:x86, image:win10v2004-20240910-en, locale:en-us, os:windows10-2004-x64, system
  submitted:         03/10/2024, 00:40
Static task: static1

Behavioral task: behavioral1
  Sample:   0d2324c61f5e8dc3095ecd78465c613c_JaffaCakes118.html
  Resource: win7-20240903-en

Behavioral task: behavioral2
  Sample:   0d2324c61f5e8dc3095ecd78465c613c_JaffaCakes118.html
  Resource: win10v2004-20240910-en
General
  Target: 0d2324c61f5e8dc3095ecd78465c613c_JaffaCakes118.html
  Size:   6KB
  MD5:    0d2324c61f5e8dc3095ecd78465c613c
  SHA1:   3e6541350c051a012ec4323a19a81ef12cdfda84
  SHA256: 6c826836b15d2ea9695328169d8d86f63e9468574b8177419a3678d89dec9b20
  SHA512: 04fb10ef2cd7e685680d39ddf65f55d89b44208025a4d8dc317a18c38f5aa2606d1315e9274ead2c311b1d8d3306ff47c6258168ba7491a2600e679db7a3b3c0
  SSDEEP: 96:uzVs+ux7+CLLY1k9o84d12ef7CSTUEEtyIBojcEZ7ru7f:csz7+CAYS/a0b76f
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs; identical rows collapsed, count = repeats)
  pid   Process              count
  432   msedge.exe           2
  1936  msedge.exe           2
  3704  identity_helper.exe  2
  1312  msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid   Process     count
  1936  msedge.exe  7

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process     count
  1936  msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process     count
  1936  msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target  count
  PID 1936 wrote to memory of 3716  1936  msedge.exe  84             2
  PID 1936 wrote to memory of 4764  1936  msedge.exe  85             40
  PID 1936 wrote to memory of 432   1936  msedge.exe  86             2
  PID 1936 wrote to memory of 2412  1936  msedge.exe  87             20
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1936)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0d2324c61f5e8dc3095ecd78465c613c_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3716)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c2a946f8,0x7ff8c2a94708,0x7ff8c2a94718

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4764)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,17174985961063566651,11364899912135423480,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 432)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,17174985961063566651,11364899912135423480,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2412)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,17174985961063566651,11364899912135423480,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1440)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17174985961063566651,11364899912135423480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4744)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17174985961063566651,11364899912135423480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4948)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17174985961063566651,11364899912135423480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4324 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4828)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,17174985961063566651,11364899912135423480,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3704)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,17174985961063566651,11364899912135423480,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4584)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17174985961063566651,11364899912135423480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1668)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17174985961063566651,11364899912135423480,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4636)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17174985961063566651,11364899912135423480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 976)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17174985961063566651,11364899912135423480,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1312)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,17174985961063566651,11364899912135423480,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3144 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe (PID 2808)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 4368)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 152B
  MD5:    7006aacd11b992cd29fca21e619e86ea
  SHA1:   f224b726a114d4c73d7379236739d5fbb8e7f7b7
  SHA256: 3c434b96841d5a0fa0a04a6b503c3c4d46f1c4e3a1be77853175e5680e182814
  SHA512: 6de169882c0e01217c4ca01f6ead8e5ebb316a77558e51cd862532dbf9147d9e267f8db667ff6e9fa33164243724f5e437cb882392382f3cae1072dadb762c1d

- Filesize: 152B
  MD5:    b80cf20d9e8cf6a579981bfaab1bdce2
  SHA1:   171a886be3a882bd04206295ce7f1db5b8b7035e
  SHA256: 10d995b136b604440ac4033b2222543975779068a321d7bddf675d0cb2a4c2b1
  SHA512: 0233b34866be1afd214a1c8a9dcf8328d16246b3a5ef142295333547b4cfdc787c8627439a2ca03c20cb49107f7428d39696143b71f56b7f1f05029b3a14376a

- Filesize: 593B
  MD5:    7c1b67d10e98d93db6d75096ba37fbb1
  SHA1:   e5eefe9baae79b17177a696fe0b6993f055cbe78
  SHA256: a70ff65a5f625714d2a693ecbbf652194810124e094bda6125414c9651792af7
  SHA512: c4421f9f78aaace1ee9d65dfea8ae5eaa4bbdc329cca24eeace4d44050d10f69bd1b1b90ae2715df43f4f1c744b2c81e406477643383d887ac66e53554e03471

- Filesize: 5KB
  MD5:    174b501828139c3a80917361724fc38a
  SHA1:   b73029b17df42502d6d8544453bd8cec5f3c4a35
  SHA256: 7c160e36d1c8ff56815e20152b251fb050e655c950da36567f755d379be4f383
  SHA512: 9221a9b0b838681aff1345bf45ad85b15e7b1274f20b8631993d1551a7e7cf7e10ec5d93990293d39f44b10d6824b00ddffa1108458b7d371649b8236d2fecec

- Filesize: 6KB
  MD5:    9096b73df4c5adba3eec0cdc785ca094
  SHA1:   cb0a5ee4f3150c2e0a8f3e9b59dd1fd6c9791861
  SHA256: 88b53fc58ff8dbd5f26c80469a6a9517aa75f085111e1328ad89549a692a0a48
  SHA512: 3f123f7aca43936c0b233a29d0a8442bde599ec8b47daba03a8b718eaacf8dbb315fe81e1d931eb47d82c29057ef275c477c9ebdd3e4b908333eda4fc48d348e

- Filesize: 16B
  MD5:    6752a1d65b201c13b62ea44016eb221f
  SHA1:   58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

- Filesize: 10KB
  MD5:    5356c3b8ecc22d74d6494bb2e85a3aa7
  SHA1:   09c177006ead1080cb6320259f083ec88bba097b
  SHA256: 5e29f949c821282998c2f9b11c0aac6953c0b6ca7dea1621dd216a26669cdc74
  SHA512: aa9fa7c0571a987089fab4a1ef1a4716361bdfdb719181467fe6483e217565e6af2f62a0d4a69a1d0606833fd9b54b223ac3dc5d5662cd8ee91f99f89e7b5ff6