Analysis
- max time kernel: 145s
- max time network: 137s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 10/05/2024, 05:11
Tasks
- Static task: static1
- Behavioral task: behavioral1
  - Sample: 2d8361562ce6f2927fefbbc2fcb4d4b5_JaffaCakes118.html
  - Resource: win7-20240508-en
- Behavioral task: behavioral2
  - Sample: 2d8361562ce6f2927fefbbc2fcb4d4b5_JaffaCakes118.html
  - Resource: win10v2004-20240508-en
General
- Target: 2d8361562ce6f2927fefbbc2fcb4d4b5_JaffaCakes118.html
- Size: 68KB
- MD5: 2d8361562ce6f2927fefbbc2fcb4d4b5
- SHA1: 63e668cafc33f5a18053482b2d854b5fcf18d492
- SHA256: bd7434da596cde40b59718377bc698b22bdad58edb3fb30c656bc42fe006f8c5
- SHA512: 997338f3200dbfe4df9fa46df8a6b7bd9310191bb210443aa2045632cd47db6500d013b35fd3c8f933a952bfcbdc666998745643d2989d7ca7fc2832a0f20d76
- SSDEEP: 768:JiugcMiR3sI2PDDnX0g6BmX/A7oTyv1wCZkoTyMdtbBnfBgN8/lboi2hcpQFVG8X:JuvY0TcNen0tbrga94hcuNnQC
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  4032 | msedge.exe (2 entries)
  1984 | msedge.exe (2 entries)
  2936 | identity_helper.exe (2 entries)
  884 | msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid | Process
  1984 | msedge.exe (all 6 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  1984 | msedge.exe (all 25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  1984 | msedge.exe (all 24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 1984 wrote to memory of 2408 | 1984 | msedge.exe | 84 (2 entries)
  PID 1984 wrote to memory of 1260 | 1984 | msedge.exe | 85 (repeated entries)
  PID 1984 wrote to memory of 4032 | 1984 | msedge.exe | 86 (2 entries)
  PID 1984 wrote to memory of 3568 | 1984 | msedge.exe | 87 (repeated entries)
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2d8361562ce6f2927fefbbc2fcb4d4b5_JaffaCakes118.html (PID 1984)
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff62e646f8,0x7fff62e64708,0x7fff62e64718 (PID 2408)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,17331205945041734790,11185917562657713219,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2 (PID 1260)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,17331205945041734790,11185917562657713219,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3 (PID 4032)
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,17331205945041734790,11185917562657713219,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8 (PID 3568)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17331205945041734790,11185917562657713219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1 (PID 2580)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17331205945041734790,11185917562657713219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1 (PID 2224)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,17331205945041734790,11185917562657713219,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8 (PID 612)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,17331205945041734790,11185917562657713219,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8 (PID 2936)
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17331205945041734790,11185917562657713219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1 (PID 1600)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17331205945041734790,11185917562657713219,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1 (PID 1292)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17331205945041734790,11185917562657713219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3120 /prefetch:1 (PID 816)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17331205945041734790,11185917562657713219,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1 (PID 1248)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,17331205945041734790,11185917562657713219,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3792 /prefetch:2 (PID 884)
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding (PID 4056)
- C:\Windows\System32\CompPkgSrv.exe -Embedding (PID 4700)
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  - MD5: 56641592f6e69f5f5fb06f2319384490
  - SHA1: 6a86be42e2c6d26b7830ad9f4e2627995fd91069
  - SHA256: 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455
  - SHA512: c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868
- Filesize: 152B
  - MD5: 612a6c4247ef652299b376221c984213
  - SHA1: d306f3b16bde39708aa862aee372345feb559750
  - SHA256: 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a
  - SHA512: 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973
- Filesize: 6KB
  - MD5: 733eb3ee33020cb9edec91dc5429489a
  - SHA1: 8582c07a022a6924126e8232216ee3ada186e282
  - SHA256: 5d7065bd08e0b753447618057b2caf3d1509fb5d84ab9ca149401b3ab31d210b
  - SHA512: f445d32519274e51098063f2d9565cfdbc12b309957c8792f3c20b3784a14d2fb103500af7312feb5a8ebc422ff07a4611cb1bf7f8ce1bf8c6517b32ee2be950
- Filesize: 6KB
  - MD5: 4d44e05199f1a6b4d24e03f1087c76fb
  - SHA1: c986251cb61416aa2a791f8c8189631fbdea4f08
  - SHA256: 31df87709866538b495f1a0d71e0f36d0afae0b7fdecb5a19be03d8260ba3571
  - SHA512: 052ea697b7c3c18bd9247a8b0593f10f1014e17aa757eae0645c6783ec7996b48b3d225c2df8233dd0871f9573594d22075f2dfcb9594bec3649b0f610ac091f
- Filesize: 16B
  - MD5: 6752a1d65b201c13b62ea44016eb221f
  - SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  - SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  - SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  - MD5: dc557ac7c9ba23c2a70e5f62614fe651
  - SHA1: 94bd9e6a9af402f10c4e3a440261dd328ae25091
  - SHA256: eaa3697276e66a3e78c13e8c587c2fc8b9daa891cd391440f0f9e052284ffa70
  - SHA512: d34c737369798288b0ed8f79dd100b81d1ad0ff255bbe9fb1c7d2b00b2b53037060a03dc6ddd8d3ee7f290506061e0645a0f97826bae884bf40c983c9b1052a1