Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 146s
max time network: 133s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system
submitted: 06/04/2024, 14:23
Static task: static1
Behavioral task: behavioral1
  Sample: e2bc17acb8cbc6de0d242e140421ecdb_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: e2bc17acb8cbc6de0d242e140421ecdb_JaffaCakes118.html
  Resource: win10v2004-20240226-en
General
Target: e2bc17acb8cbc6de0d242e140421ecdb_JaffaCakes118.html
Size: 13KB
MD5: e2bc17acb8cbc6de0d242e140421ecdb
SHA1: b664dc9be91ded64f7ba1667ac0a62d300038745
SHA256: c28cd55ae12688f6f2f887efddc8d473417d2963ae057791d8bf1ee60e396b86
SHA512: becff147ff0e430e98b9edc5e6c6ef98e4fe019218a1099ed34b2686a76a897cd3bc148c466f8a17289b0632300ac241ae2f5a7e096073a05455af97c7cf0ce2
SSDEEP: 384:uF68gqJ4AE5KGy8m2TxIm8Zug3icfRxJUNHb+oRNkM:uFOJ5vmUxI5ugycfRxU
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  2224 | msedge.exe (2 entries)
  4144 | msedge.exe (2 entries)
  668 | identity_helper.exe (2 entries)
  3604 | msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid | Process
  4144 | msedge.exe (6 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  4144 | msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  4144 | msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs; distinct rows shown, repeated entries collapsed)
  description | pid | Process | procid_target
  PID 4144 wrote to memory of 3236 | 4144 | msedge.exe | 84 (2 entries)
  PID 4144 wrote to memory of 4436 | 4144 | msedge.exe | 85 (repeated)
  PID 4144 wrote to memory of 2224 | 4144 | msedge.exe | 86 (2 entries)
  PID 4144 wrote to memory of 4132 | 4144 | msedge.exe | 87 (repeated)
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\e2bc17acb8cbc6de0d242e140421ecdb_JaffaCakes118.html
  PID: 4144
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbbccd46f8,0x7ffbbccd4708,0x7ffbbccd4718
    PID: 3236
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,11217293554984415165,15903240356461455758,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
    PID: 4436
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,11217293554984415165,15903240356461455758,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
    PID: 2224
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,11217293554984415165,15903240356461455758,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
    PID: 4132
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11217293554984415165,15903240356461455758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
    PID: 4516
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11217293554984415165,15903240356461455758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
    PID: 4440
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,11217293554984415165,15903240356461455758,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8
    PID: 1424
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,11217293554984415165,15903240356461455758,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8
    PID: 668
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11217293554984415165,15903240356461455758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
    PID: 2132
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11217293554984415165,15903240356461455758,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
    PID: 664
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11217293554984415165,15903240356461455758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
    PID: 540
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11217293554984415165,15903240356461455758,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
    PID: 1684
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,11217293554984415165,15903240356461455758,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1140 /prefetch:2
    PID: 3604
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3312
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2604
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 7c6136bc98a5aedca2ea3004e9fbe67d
  SHA1: 74318d997f4c9c351eef86d040bc9b085ce1ad4f
  SHA256: 50c3bd40caf7e9a82496a710f58804aa3536b44d57e2ee5e2af028cbebc6c2f2
  SHA512: 2d2fb839321c56e4cb80562e9a1daa4baf48924d635729dc5504a26462796919906f0097dd1fc7fd053394c0eea13c25219dec54ffe6e9abb6e8cb9afa66bada
- Filesize: 152B
  MD5: 5c6aef82e50d05ffc0cf52a6c6d69c91
  SHA1: c203efe5b45b0630fee7bd364fe7d63b769e2351
  SHA256: d9068cf3d04d62a9fb1cdd4c3cf7c263920159171d1b84cb49eff7cf4ed5bc32
  SHA512: 77ad48936e8c3ee107a121e0b2d1216723407f76872e85c36413237ca1c47b8c40038b8a6349b072bbcc6a29e27ddda77cf686fa97569f4d86531e6b2ac485ed
- Filesize: 6KB
  MD5: ba5959996e5f8d4895257f6b2861c862
  SHA1: 270f19a74dc21c2025cb1b065c9694b8e45961e6
  SHA256: 2e0165cb6d74d23dc365661d38c01647a889909282a3a716546e1af6c8a2812b
  SHA512: 79cbd47213d0961f37ab09b14835d14e43a35e7077c0ed75951bba3d1869e5ac43eb12c711d987dbdafd842917496d579ffc098556e49f7138693973fcc97869
- Filesize: 6KB
  MD5: 23426f867639411b71e1215ff2ba6f0d
  SHA1: 304089cef84b4d33da400ecf428b730ebd18a7de
  SHA256: 73cb3e39bd38d1a064201e87ee4cbfca88a8d713618d0582b89438c1f56a25b0
  SHA512: 48e9031d5604f3fe9a65a1fd035ff4415dc7822c286596d561b67d65e47a600ccdbc0a6a52dbd97d9a2cb5a6c94f648a5910d9002cd5d0792bff72232c0b976c
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: 4103689d744f2a5f699df0acdbb841e7
  SHA1: 7c304225af4f9be709531d755148487bb3cb7e6e
  SHA256: 7c3c79c579bc6c3989e0bdf2577b0e50b125ca23a16090e96f5872a139989435
  SHA512: 91da1a6f4b05764481a1d5d8256e297ad46550545c9ffab2a81bf699cf34332481ea031d54d798956958af49b7c658b78d2580a8dec3346bee40ef57300862ef