Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis (windows10-2004_x64 run)
- max time kernel: 145s
- max time network: 148s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 09/04/2024, 10:01
Static task: static1
Behavioral task: behavioral1
- Sample: e9bc9e5f0d7cf8cfffab61545960bce9_JaffaCakes118.html
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: e9bc9e5f0d7cf8cfffab61545960bce9_JaffaCakes118.html
- Resource: win10v2004-20240226-en
General
- Target: e9bc9e5f0d7cf8cfffab61545960bce9_JaffaCakes118.html
- Size: 6KB
- MD5: e9bc9e5f0d7cf8cfffab61545960bce9
- SHA1: 25847d9dd5b118e207fdda73b96704f4275d70fd
- SHA256: e1a0e3ff3c1caef0b10535bfd1fa7c524620bc837cea99d781f1c6aac815e05a
- SHA512: 27d3cd4d6d010423dc3a99831fdc3f39dae94f500b404ac9e512947ac2e60fb9910c3e0673bfdf1885092de55084b0f4c860136e6da5dcee7b978c780ba26fde
- SSDEEP: 96:uzVs+ux7CcLLY1k9o84d12ef7CSTU9ZcEZ7ru7f:csz7CcAYS/wb76f
Malware Config
(no configuration extracted for this sample)
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid | Process | IoC rows
4516 | msedge.exe | 2
216 | msedge.exe | 2
5096 | identity_helper.exe | 2
1276 | msedge.exe | 4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid | Process
216 | msedge.exe (all 6 rows)

Suspicious use of FindShellTrayWindow (25 IoCs)
pid | Process
216 | msedge.exe (all 25 rows)

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
216 | msedge.exe (all 24 rows)

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 216 wrote to memory of 4312 | 216 | msedge.exe | 86
PID 216 wrote to memory of 4388 | 216 | msedge.exe | 87
PID 216 wrote to memory of 4516 | 216 | msedge.exe | 88
PID 216 wrote to memory of 4764 | 216 | msedge.exe | 89
(The report lists one row per write; the 64 rows cover only these four parent-to-child pairs. The writes to 4312 and 4516 appear twice each, the writes to 4388 and 4764 account for the remaining rows.)
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 216)
  command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\e9bc9e5f0d7cf8cfffab61545960bce9_JaffaCakes118.html
  signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  child processes of PID 216:

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4312)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe778c46f8,0x7ffe778c4708,0x7ffe778c4718

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4388)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,7712831963648484093,2443615890564897103,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4516)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2240,7712831963648484093,2443615890564897103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
    signatures: Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4764)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2240,7712831963648484093,2443615890564897103,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2960 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3544)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,7712831963648484093,2443615890564897103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3288)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,7712831963648484093,2443615890564897103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4604)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,7712831963648484093,2443615890564897103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 5096)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,7712831963648484093,2443615890564897103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8
    signatures: Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2240)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,7712831963648484093,2443615890564897103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1096)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,7712831963648484093,2443615890564897103,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 988)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,7712831963648484093,2443615890564897103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4244 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3576)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,7712831963648484093,2443615890564897103,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1276)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,7712831963648484093,2443615890564897103,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4888 /prefetch:2
    signatures: Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe (PID 1628)
  command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 1192)
  command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
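Everything in the process tree and the signature tables above is what a Chromium-based browser produces on its own when it opens a local HTML file: one browser process (PID 216) launching crashpad, GPU, utility and renderer children, each tagged with a --type switch, and the parent writing into those children as it starts them. That is the noise a reviewer has to subtract before the sandbox-evasion and WriteProcessMemory labels mean anything. The Python below is an added triage helper, not tria.ge code and not part of the report; it takes the process entries above (abbreviated and constructed inline), parses the Chromium-style --switch=value tokens with a quote-aware tokenizer, and separates expected browser noise from launches that would deserve attention: a child image that is not part of the browser install, a --type Chromium does not use, and helpers launched with --service-sandbox-type=none (on this page: the network service and both identity_helper instances). The EXPECTED_TYPES and BROWSER_IMAGES sets are assumptions for this example, not a tria.ge or Chromium list.

```python
"""Added triage helper for Chromium/Edge process trees in sandbox reports.

Not tria.ge code. It takes the process entries from the report above
(abbreviated command lines, constructed inline), parses the Chromium-style
--switch=value tokens and separates expected multi-process-browser noise
from launches that would deserve a closer look.
"""
from dataclasses import dataclass, field
from typing import Optional

# Assumption: --type values a Chromium-based browser launches under its main process.
EXPECTED_TYPES = {"crashpad-handler", "gpu-process", "utility", "renderer"}
# Assumption: images that belong to the browser install shown on the page.
BROWSER_IMAGES = {"msedge.exe", "identity_helper.exe"}


@dataclass
class Proc:
    pid: int
    parent: Optional[int]        # None for the root and for COM-activated entries
    image: str
    cmdline: str
    switches: dict = field(default_factory=dict)


def tokenize(cmdline: str) -> list:
    """Split a Windows command line on whitespace while honouring double quotes."""
    tokens, cur, in_quote = [], [], False
    for ch in cmdline:
        if ch == '"':
            in_quote = not in_quote
        elif ch.isspace() and not in_quote:
            if cur:
                tokens.append("".join(cur))
                cur = []
        else:
            cur.append(ch)
    if cur:
        tokens.append("".join(cur))
    return tokens


def parse_switches(cmdline: str) -> dict:
    """Return {switch: value} for every --switch[=value] after argv[0] ("" if bare)."""
    switches = {}
    for tok in tokenize(cmdline)[1:]:
        if tok.startswith("--"):
            key, _, value = tok[2:].partition("=")
            switches[key] = value
    return switches


def review(procs: list) -> dict:
    """Classify every child of a browser process and count --type values."""
    findings = {"unexpected_image": [], "unexpected_type": [], "unsandboxed": [], "types": {}}
    for p in procs:
        p.switches = parse_switches(p.cmdline)
        ptype = p.switches.get("type")
        if ptype:
            findings["types"][ptype] = findings["types"].get(ptype, 0) + 1
        if p.parent is None:
            continue                 # root or service activation: nothing to compare against
        if p.image.lower() not in BROWSER_IMAGES:
            findings["unexpected_image"].append(p.pid)
        if ptype not in EXPECTED_TYPES:
            findings["unexpected_type"].append(p.pid)
        if p.switches.get("service-sandbox-type") == "none":
            findings["unsandboxed"].append((p.pid, p.switches.get("utility-sub-type", "")))
    return findings


# Constructed from the Processes section above; long switches are omitted.
EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
HELPER = r"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"
FTH = "--field-trial-handle=2240,7712831963648484093,2443615890564897103,131072"
PROCS = [
    Proc(216, None, "msedge.exe", rf'"{EDGE}" --single-argument C:\Users\Admin\AppData\Local\Temp\e9bc9e5f0d7cf8cfffab61545960bce9_JaffaCakes118.html'),
    Proc(4312, 216, "msedge.exe", rf'"{EDGE}" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7'),
    Proc(4388, 216, "msedge.exe", rf'"{EDGE}" --type=gpu-process {FTH} --mojo-platform-channel-handle=2248 /prefetch:2'),
    Proc(4516, 216, "msedge.exe", rf'"{EDGE}" --type=utility --utility-sub-type=network.mojom.NetworkService {FTH} --service-sandbox-type=none /prefetch:3'),
    Proc(4764, 216, "msedge.exe", rf'"{EDGE}" --type=utility --utility-sub-type=storage.mojom.StorageService {FTH} --service-sandbox-type=utility /prefetch:8'),
    Proc(4604, 216, "identity_helper.exe", rf'"{HELPER}" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService {FTH} --service-sandbox-type=none /prefetch:8'),
    Proc(5096, 216, "identity_helper.exe", rf'"{HELPER}" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService {FTH} --service-sandbox-type=none /prefetch:8'),
    Proc(1276, 216, "msedge.exe", rf'"{EDGE}" --type=gpu-process {FTH} --disable-gpu-sandbox --use-gl=disabled /prefetch:2'),
    Proc(1628, None, "CompPkgSrv.exe", r"C:\Windows\System32\CompPkgSrv.exe -Embedding"),
]
for pid, client_id in [(3544, 6), (3288, 5), (2240, 8), (1096, 9), (988, 10), (3576, 11)]:
    PROCS.append(Proc(pid, 216, "msedge.exe", rf'"{EDGE}" --type=renderer {FTH} --renderer-client-id={client_id} /prefetch:1'))

if __name__ == "__main__":
    for key, value in review(PROCS).items():
        print(f"{key}: {value}")
```

Run against the entries above, the helper reports no unexpected images or types, three unsandboxed helpers (4516, 4604, 5096) and the type counts crashpad-handler 1, gpu-process 2, utility 4, renderer 6. Two details are worth keeping in mind when reading reports like this one: PID 1276 is a second gpu-process launch that carries --disable-gpu-sandbox and --use-gl=disabled, which is visible in its command line; and the tree holds six --type=renderer launches, the same number as the NtCreateUserProcessBlockNonMicrosoftBinary rows. Whether those are the same six events is not shown on this page, but the type counts make that comparison a one-line check. A child that fails the image or type test, or a non-browser binary started by PID 216, is the point at which the WriteProcessMemory rows would stop being browser noise.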
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 152B
  MD5: cbec32729772aa6c576e97df4fef48f5
  SHA1: 6ec173d5313f27ba1e46ad66c7bbe7c0a9767dba
  SHA256: d34331aa91a21e127bbe68f55c4c1898c429d9d43545c3253d317ffb105aa24e
  SHA512: 425b3638fed70da3bc16bba8b9878de528aca98669203f39473b931f487a614d3f66073b8c3d9bc2211e152b4bbdeceb2777001467954eec491f862912f3c7a0

- Filesize: 152B
  MD5: 279e783b0129b64a8529800a88fbf1ee
  SHA1: 204c62ec8cef8467e5729cad52adae293178744f
  SHA256: 3619c3b82a8cbdce37bfd88b66d4fdfcd728a1112b05eb26998bea527d187932
  SHA512: 32730d9124dd28c196bd4abcfd6a283a04553f3f6b050c057264bc883783d30d6602781137762e66e1f90847724d0e994bddf6e729de11a809f263f139023d3b

- Filesize: 6KB
  MD5: dcf71d7c8c2ebffe77d2696672f31a7e
  SHA1: 142f1dc149a5c1e661de5faffef905a8bd759912
  SHA256: 04c8587d1d1407f33999518b09db32f6840f6fb97b9aaf60a3753d2a3076b79c
  SHA512: f91bd46600be9d42ea47422c4aef4241cf56e53b6276fb712a272c3ee1bdef5738d2cf8f6cc33ea5665d48aa0003a5260264462e8a67829b696a469bce325374

- Filesize: 6KB
  MD5: 9e1c7151a22c302b8ea89be1359ae6dd
  SHA1: 92ab890d563f04d3f5af037a4a8a66d314866f33
  SHA256: 86bfb89edc1fd6c19b92e5d4284c017161b77cffb424ab221694036521c23fa9
  SHA512: c1bfddfcf068c29a464cec9ab431ff346be9ab056581b1c6696ec7d363c3abb2405fbe292d75961d9f95a4073e02b17a2794cc119b9dc66c6e35ff50cdeb49bb

- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

- Filesize: 11KB
  MD5: f90aca58ff6dadb19f5f1ed95c9ffc83
  SHA1: 74e51ac97614e3ceb7f0d9aa10c001da9f7b2a1e
  SHA256: 5c7809c353c8a3a62e00b11ee898051abf90ec3b159e7a49d6f6344dc3e2ac1f
  SHA512: e994c187ab73435381f8f6448c835e6fe682378128077543b768368d0287125d1b5575ff46bafe7ca9836646ce2c07123c6d05cbb3fb732edebdba74b4c573e0