Analysis
- max time kernel: 145s
- max time network: 146s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 03/10/2024, 09:28
Static task: static1
Behavioral task: behavioral1
- Sample: 0ef60192eda2fbb6b2378eb9cd5948ec_JaffaCakes118.html
- Resource: win7-20240903-en
Behavioral task: behavioral2 (the run this report describes; see the platform and resource fields above)
- Sample: 0ef60192eda2fbb6b2378eb9cd5948ec_JaffaCakes118.html
- Resource: win10v2004-20240802-en
General
- Target: 0ef60192eda2fbb6b2378eb9cd5948ec_JaffaCakes118.html
- Size: 53KB
- MD5: 0ef60192eda2fbb6b2378eb9cd5948ec
- SHA1: d1f2582d6f47ca5cc30871f37084fd3f867de343
- SHA256: 75e2483b0713a240a21fc17de9fc72fbfe77ebc3f910a267d98117e33106c766
- SHA512: e527a96cf385da448bd6fb3e624c47ba7b701ab380ab5c5ca26b4cafb0be8f4deb461eee1544c05f7759af584700279beabd41af79d045a977c5e7efe51e0439
- SSDEEP: 1536:CkgUiIakTqGivi+PyUXrunlYo63Nj+q5VyvR0w2AzTICbbuoZ/t9M/dNwIUTDmDE:CkgUiIakTqGivi+PyUXrunlYo63Nj+q6
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
  All three reads are by msedge.exe, the browser the sandbox launched to open the .html sample; the process tree below contains nothing but Edge, its helpers and CompPkgSrv.exe. SystemManufacturer and SystemProductName are the usual values malware checks to fingerprint a virtual machine, but Chromium reads the same two keys for its own hardware reporting, so this hit on its own does not implicate the sample.
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process | hits
  4412 | msedge.exe | 2
  1248 | msedge.exe | 2
  3888 | identity_helper.exe | 2
  4480 | msedge.exe | 4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid | Process | hits
  1248 | msedge.exe | 7
  The browser process is creating children with the process-creation mitigation that blocks non-Microsoft-signed binaries from loading into them. Chromium sets this policy on the child processes it launches as a hardening measure; it is not evasion by the sample.
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process | hits
  1248 | msedge.exe | 25
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process | hits
  1248 | msedge.exe | 24
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target | hits
  PID 1248 wrote to memory of 2324 | 1248 | msedge.exe | 82 | 2
  PID 1248 wrote to memory of 4816 | 1248 | msedge.exe | 83 | 40
  PID 1248 wrote to memory of 4412 | 1248 | msedge.exe | 84 | 2
  PID 1248 wrote to memory of 636 | 1248 | msedge.exe | 85 | 20
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1248)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0ef60192eda2fbb6b2378eb9cd5948ec_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes of PID 1248:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2324)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff9ab746f8,0x7fff9ab74708,0x7fff9ab74718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4816)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,14278653170447527823,13808352124277359783,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1992 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4412)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,14278653170447527823,13808352124277359783,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 636)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,14278653170447527823,13808352124277359783,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4640)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14278653170447527823,13808352124277359783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3572)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14278653170447527823,13808352124277359783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1600)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14278653170447527823,13808352124277359783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1264)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,14278653170447527823,13808352124277359783,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3888)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,14278653170447527823,13808352124277359783,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1924)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14278653170447527823,13808352124277359783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4820)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14278653170447527823,13808352124277359783,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3304)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14278653170447527823,13808352124277359783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4064)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14278653170447527823,13808352124277359783,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4480)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,14278653170447527823,13808352124277359783,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3076 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 2516)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 2788)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
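Read together, the WriteProcessMemory hits and the process tree say one thing: every write comes from the browser process (PID 1248) into a process it spawned moments earlier, which is consistent with how the Chromium browser process bootstraps the children it launches. The triage helper below is an added example, not code from tria.ge or from this report. It parses IoC rows in the flattened shape the report prints, collapses the repeats, and labels each writer->target pair by checking it against the process tree. The tree and the first five rows are taken from this report; the sixth row (PID 4640 writing into PID 2516) is constructed, not observed, to show how a genuine cross-process write gets flagged.

```python
"""Triage helper for a sandbox "Suspicious use of WriteProcessMemory" hit.

Added example, not tria.ge code. A parent writing into children it just
created is normal Chromium process bootstrap; a write into a process the
writer did not create is the pattern worth a closer look.
"""
import re
from collections import Counter

# (pid, parent_pid, image) as shown in the report's process tree.
# Top-level processes have no parent in the report; modelled as parent 0.
PROCESS_TREE = [
    (1248, 0, "msedge.exe"),        # browser process, opens the sample
    (2324, 1248, "msedge.exe"),     # --type=crashpad-handler
    (4816, 1248, "msedge.exe"),     # --type=gpu-process
    (4412, 1248, "msedge.exe"),     # network service
    (636, 1248, "msedge.exe"),      # storage service
    (4640, 1248, "msedge.exe"),     # renderer
    (3572, 1248, "msedge.exe"),     # renderer
    (1600, 1248, "msedge.exe"),     # renderer
    (1264, 1248, "identity_helper.exe"),
    (3888, 1248, "identity_helper.exe"),
    (1924, 1248, "msedge.exe"),     # renderer
    (4820, 1248, "msedge.exe"),     # renderer
    (3304, 1248, "msedge.exe"),     # renderer
    (4064, 1248, "msedge.exe"),     # renderer
    (4480, 1248, "msedge.exe"),     # second gpu-process
    (2516, 0, "CompPkgSrv.exe"),
    (2788, 0, "CompPkgSrv.exe"),
]

# IoC text in the report's flattened shape:
# "PID <writer> wrote to memory of <target> <writer> <image> <procid_target>".
# Five rows are copied from the report; the 4640 -> 2516 row is CONSTRUCTED
# for illustration and does not appear in the report.
IOC_TEXT = (
    "PID 1248 wrote to memory of 2324 1248 msedge.exe 82 "
    "PID 1248 wrote to memory of 2324 1248 msedge.exe 82 "
    "PID 1248 wrote to memory of 4816 1248 msedge.exe 83 "
    "PID 1248 wrote to memory of 4412 1248 msedge.exe 84 "
    "PID 1248 wrote to memory of 636 1248 msedge.exe 85 "
    "PID 4640 wrote to memory of 2516 4640 msedge.exe 99 "  # constructed
)

ROW = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")


def parse_rows(text):
    """Return a list of (writer_pid, target_pid, writer_image, procid_target)."""
    rows = []
    for m in ROW.finditer(text):
        writer, target, writer_again, image, procid = m.groups()
        if writer != writer_again:  # the table repeats the writer pid
            raise ValueError(f"malformed row: {m.group(0)!r}")
        rows.append((int(writer), int(target), image, int(procid)))
    return rows


def classify_writes(rows, tree):
    """Collapse repeated rows and label each writer->target pair.

    Returns {(writer, target): (count, verdict)} with verdict either
    "parent->child" (the writer spawned the target) or "cross-process".
    """
    parent_of = {pid: ppid for pid, ppid, _ in tree}
    counts = Counter((w, t) for w, t, _, _ in rows)
    verdicts = {}
    for (writer, target), n in sorted(counts.items()):
        verdict = "parent->child" if parent_of.get(target) == writer else "cross-process"
        verdicts[(writer, target)] = (n, verdict)
    return verdicts


def suspicious_pairs(verdicts):
    """Only the writer->target pairs a human should look at."""
    return sorted(pair for pair, (_, v) in verdicts.items() if v == "cross-process")


if __name__ == "__main__":
    result = classify_writes(parse_rows(IOC_TEXT), PROCESS_TREE)
    for (writer, target), (n, verdict) in result.items():
        print(f"{writer} -> {target}: {n:>2} write(s)  {verdict}")
    print("investigate:", suspicious_pairs(result))
```

On the report's own rows the helper returns only parent->child pairs and an empty "investigate" list; the constructed 4640 -> 2516 row (a renderer writing into an unrelated CompPkgSrv.exe) is the shape that would justify pulling the memory dump.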
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 111c361619c017b5d09a13a56938bd54
  SHA1: e02b363a8ceb95751623f25025a9299a2c931e07
  SHA256: d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc
  SHA512: fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2
- Filesize: 152B
  MD5: 983cbc1f706a155d63496ebc4d66515e
  SHA1: 223d0071718b80cad9239e58c5e8e64df6e2a2fe
  SHA256: cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c
  SHA512: d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd
- Filesize: 5KB
  MD5: 2b1f41741c607a9d6bc7ef29657e91ee
  SHA1: 8d5f1ab7911de37e74f40d54b7969afa131208bf
  SHA256: 1aae53e3b58094b515d014dd02e2a44321383a8238b1e294bb0f968fbd3dc3b7
  SHA512: 000693e2a1ba7bc165623400dbbdaf5cf07d776cfdde8ba86acc0a01daf031fc4289f707cc65b828bf46a30a0eedb2ca66cbe32ac240fe296d7153b1a4649da5
- Filesize: 6KB
  MD5: 5f5d53c6304e44cf50639af17924c5a4
  SHA1: 01f19e2cfd6e6efb5235d322e6918ef981b03605
  SHA256: af31014bf55f74e84859d7965064c3edeee663bf69a77cb3c4d8de9dd010b090
  SHA512: 31579b5fa58806ff37ecc50171dcb2a14045c38774a1493678429e6b9fecd996e155f75d3366080163df54747d663ec78ff69eee7977b6c2a0010bf522593ceb
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 10KB
  MD5: 97c91ef12fe572738c57ebc5097ccf89
  SHA1: 8a0ec9839349ebf7dc49750fef7304e21486a030
  SHA256: 49507cd1385b8a3c20b6e78e5ab6c8ba5816a584d90418d2d63f5744e9fda28e
  SHA512: 59299f38b367e19e04c7eb203e5d8fbc135a67a21cd13324822d76ab7d303add0f255c9a48ce5ac646d40bf4ec7d9bcc78ada5a9ece5b54f2ff499b48bcafb4e