Analysis
- max time kernel: 145s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 10/05/2024, 06:59
Static task: static1
Behavioral task: behavioral1
- Sample: 2de92dcb58d577f4f70a861af5e3bae3_JaffaCakes118.html
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 2de92dcb58d577f4f70a861af5e3bae3_JaffaCakes118.html
- Resource: win10v2004-20240508-en
General
- Target: 2de92dcb58d577f4f70a861af5e3bae3_JaffaCakes118.html
- Size: 28KB
- MD5: 2de92dcb58d577f4f70a861af5e3bae3
- SHA1: ba822793314ac457ffa4becc69f7c848763d87ba
- SHA256: 268c6963fb1b143ce7ae45104cada8f8dc1c05c529a4cb9d52e0f152e91b4ff7
- SHA512: b680ea3ea12292fb0aa9c40e6d69f9e3ea6305e3e5d403bb272791bb1138f2fd45d8f672104b637b07c2124ebe54d223b6e31789d5558c390c7d92934f0ab54d
- SSDEEP: 192:uwDYb5nK1sqnQjxn5Q/AnQierNn6inQOkEntcWnQTbnhnQ9e7jm6LHHrYPbhDElL:qQ/riFTHrY9VSn
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                   Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process              rows
  1264  msedge.exe           2
  1784  msedge.exe           2
  2728  identity_helper.exe  2
  3716  msedge.exe           4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process     rows
  1784  msedge.exe  6
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process     rows
  1784  msedge.exe  25
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process     rows
  1784  msedge.exe  24
- Suspicious use of WriteProcessMemory (64 IoCs)
  Every row is PID 1784 (msedge.exe) writing into one of its own child processes; the distinct rows are:
  description                           pid   Process     procid_target
  PID 1784 wrote to memory of 3932      1784  msedge.exe  82
  PID 1784 wrote to memory of 3600      1784  msedge.exe  83
  PID 1784 wrote to memory of 1264      1784  msedge.exe  84
  PID 1784 wrote to memory of 1624      1784  msedge.exe  85
  The 3932 and 1264 rows appear twice each; the 3600 and 1624 rows account for the remaining 60 of the 64 IoCs.
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1784)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2de92dcb58d577f4f70a861af5e3bae3_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Children:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3932)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdfb8946f8,0x7ffdfb894708,0x7ffdfb894718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3600)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,18154946578506515393,4360911309955918108,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1264)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,18154946578506515393,4360911309955918108,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1624)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,18154946578506515393,4360911309955918108,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 924)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,18154946578506515393,4360911309955918108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2384)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,18154946578506515393,4360911309955918108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2324)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,18154946578506515393,4360911309955918108,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3016 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2728)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,18154946578506515393,4360911309955918108,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3016 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2624)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,18154946578506515393,4360911309955918108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 556)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,18154946578506515393,4360911309955918108,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1612)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,18154946578506515393,4360911309955918108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2800)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,18154946578506515393,4360911309955918108,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3716)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,18154946578506515393,4360911309955918108,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1292 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 2984)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 4856)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
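The only process-level signatures in this report are raised by msedge.exe itself, and every WriteProcessMemory row is the browser process (PID 1784) writing into a process it has just spawned (3932, 3600, 1264, 1624 are all its direct children in the tree above). A parent writing into its own freshly created, still-initialising children is how a Chromium-style sandbox broker hands them their configuration; a write into a process outside that tree is the shape process injection takes. The same logic applies to the registry hit: BIOS SystemManufacturer and SystemProductName are what sandbox-evasion code reads, but the reader here is the browser process, not anything the HTML sample spawned. The helper below is an added example, not part of the tria.ge report or its signature engine: it rebuilds the process tree from the Processes section, parses rows in the report's "PID X wrote to memory of Y" format, and splits them into child writes and cross-process writes. The row targeting PID 4444 is hypothetical and was added only to show what a cross-tree write would look like; the meaning of the trailing procid_target column is assumed to be tria.ge's own index of the target process and is not used.

```python
"""Added triage helper: separate broker-style WriteProcessMemory calls (a parent writing
into its own children) from writes into unrelated processes (the injection pattern).
Not part of the tria.ge report; the process tree below is transcribed from it."""
import re
from collections import Counter

# Process tree from the report: pid -> (parent pid or None, image name).
# Top-level processes have no recorded parent in the report, so their parent is None.
PROCESS_TREE = {
    1784: (None, "msedge.exe"),             # browser process opening the .html sample
    3932: (1784, "msedge.exe"),             # --type=crashpad-handler
    3600: (1784, "msedge.exe"),             # --type=gpu-process
    1264: (1784, "msedge.exe"),             # network.mojom.NetworkService
    1624: (1784, "msedge.exe"),             # storage.mojom.StorageService
    924: (1784, "msedge.exe"),              # renderer
    2384: (1784, "msedge.exe"),             # renderer
    2324: (1784, "identity_helper.exe"),
    2728: (1784, "identity_helper.exe"),
    2624: (1784, "msedge.exe"),             # renderer
    556: (1784, "msedge.exe"),              # renderer (--instant-process)
    1612: (1784, "msedge.exe"),             # renderer
    2800: (1784, "msedge.exe"),             # renderer (--instant-process)
    3716: (1784, "msedge.exe"),             # second --type=gpu-process
    2984: (None, "CompPkgSrv.exe"),
    4856: (None, "CompPkgSrv.exe"),
}

# Constructed input: the four distinct rows from the report's WriteProcessMemory table
# (the report repeats each many times) plus ONE hypothetical row, targeting PID 4444,
# which is NOT in the report and exists only to show a cross-tree write.
IOC_ROWS = [
    "PID 1784 wrote to memory of 3932 1784 msedge.exe 82",
    "PID 1784 wrote to memory of 3600 1784 msedge.exe 83",
    "PID 1784 wrote to memory of 1264 1784 msedge.exe 84",
    "PID 1784 wrote to memory of 1624 1784 msedge.exe 85",
    "PID 1784 wrote to memory of 4444 1784 msedge.exe 99",  # hypothetical, not in report
]

# Row layout as printed by the report: writer pid, target pid, writer pid again,
# writer image, then a trailing index (assumed to be tria.ge's procid of the target).
ROW_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\d+)")


def parse_rows(rows):
    """Yield (writer_pid, target_pid, writer_image) per row; malformed rows are skipped."""
    for row in rows:
        m = ROW_RE.match(row.strip())
        if m:
            yield int(m.group(1)), int(m.group(2)), m.group(3)


def classify_write(writer, target, tree):
    """'child' when the target's recorded parent is the writer (broker configuring a
    sandboxed child it just spawned); 'cross-process' for anything else, including
    targets the tree does not know about."""
    entry = tree.get(target)
    if entry is not None and entry[0] == writer:
        return "child"
    return "cross-process"


def triage(rows, tree=PROCESS_TREE):
    """Return ({target_pid: verdict}, Counter of verdicts) for the given IoC rows."""
    verdicts = {}
    for writer, target, _image in parse_rows(rows):
        verdicts[target] = classify_write(writer, target, tree)
    return verdicts, Counter(verdicts.values())


if __name__ == "__main__":
    verdicts, counts = triage(IOC_ROWS)
    for pid, verdict in sorted(verdicts.items()):
        image = PROCESS_TREE.get(pid, (None, "<unknown>"))[1]
        print(f"{pid:>5}  {image:<20} {verdict}")
    print(dict(counts))
```

Run against the report's rows alone, every verdict is "child", which is why this signature carries little weight on its own for a browser sample; the hypothetical 4444 row is the only one that would merit a closer look. The same weighting applies to FindShellTrayWindow, SendNotifyMessage and the BIOS registry reads: all are attributed to the browser process, so they describe Edge, not the HTML file.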
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: f61fa5143fe872d1d8f1e9f8dc6544f9
  SHA1: df44bab94d7388fb38c63085ec4db80cfc5eb009
  SHA256: 284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64
  SHA512: 971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6
- Filesize: 152B
  MD5: 87f7abeb82600e1e640b843ad50fe0a1
  SHA1: 045bbada3f23fc59941bf7d0210fb160cb78ae87
  SHA256: b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262
  SHA512: ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618
- Filesize: 6KB
  MD5: ad164ec08c9d09ffe6d54d28957359ef
  SHA1: cb8d26a8f27e40e3f9cb5a90c64229569d4d12bc
  SHA256: bea59b90f3b7283ed5694e4211fc38d8efe1f419275067ee833dcad9170ffb9a
  SHA512: 4ee60afe2895482e149739de0ef31f8f44c6e53fa2fa5ed668f701fccb8372c95643be1d42ead562a2155fb189b6497829bee7d9efaa5b3438ebf2359c375067
- Filesize: 6KB
  MD5: ceabaf74f92ac5073adf3c138bd6c6a6
  SHA1: afc6d6b30665b392b0a966c572d0330e48660f3d
  SHA256: 85d3e832db7cff7208eb4a601042ccd76a0343845d830c59e3a68f9aecefe3a3
  SHA512: a25dc8fcb4521a49582d3ba5b7b1b501d8de92547c9083de79d660118607f8b584f15568f64b26130348670c60a1d9eb5f9751d2219c26ce14e2eae03f5f3142
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: 2babd1691899a2f49d013f9c427414a9
  SHA1: 6b9adefd2f6d8429bc8d805d7ad6d1f3f1d1b83a
  SHA256: 695c984f92ad27c8eb5fba5c8170b404b3df0e2839cf71119fefc10dcc0fb1f7
  SHA512: e6c93a63c165f964d95f92e5c03fbea3d9213121b217bb440fb4b3f552a863902076e78f1d419bee9acdc702075b3bbd35e917cc4863b5557cf75b8f646ee6bd