Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
145s -
max time network
144s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
10/05/2024, 10:12
Static task
static1
Behavioral task
behavioral1
Sample
2e9deb9fe69f53bb6e7b0afc4a407b10_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
2e9deb9fe69f53bb6e7b0afc4a407b10_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
2e9deb9fe69f53bb6e7b0afc4a407b10_JaffaCakes118.html
-
Size
58KB
-
MD5
2e9deb9fe69f53bb6e7b0afc4a407b10
-
SHA1
9105c669b2ac8418899de63fa9c48c0d65997930
-
SHA256
f0fa27896ac98b0dab7e62bdc00a3a595f25866000580116d28bde64e9df4db7
-
SHA512
90d25b6b665274d2bfe60f99043e2a543b0e21c70e57ba8935a32ca743dfb1fa84d441ef49090f28839d08d157052315096591788845ab19b319bc02e21f13a5
-
SSDEEP
1536:Q3KqUU0EeyGKgQiuejT/1lFNiqgDZaMkvww26rGr8:Q3K+0+2ue1lFeD02EZ
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 4268 msedge.exe 4268 msedge.exe 1532 msedge.exe 1532 msedge.exe 4108 identity_helper.exe 4108 identity_helper.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
pid Process 1532 msedge.exe 1532 msedge.exe 1532 msedge.exe 1532 msedge.exe 1532 msedge.exe 1532 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 1532 msedge.exe 1532 msedge.exe 1532 msedge.exe 1532 msedge.exe 1532 msedge.exe 1532 msedge.exe 1532 msedge.exe 1532 msedge.exe 1532 msedge.exe 1532 msedge.exe 1532 msedge.exe 1532 msedge.exe 1532 msedge.exe 1532 msedge.exe 1532 msedge.exe 1532 msedge.exe 1532 msedge.exe 1532 msedge.exe 1532 msedge.exe 1532 msedge.exe 1532 msedge.exe 1532 msedge.exe 1532 msedge.exe 1532 msedge.exe 1532 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 1532 msedge.exe 1532 msedge.exe 1532 msedge.exe 1532 msedge.exe 1532 msedge.exe 1532 msedge.exe 1532 msedge.exe 1532 msedge.exe 1532 msedge.exe 1532 msedge.exe 1532 msedge.exe 1532 msedge.exe 1532 msedge.exe 1532 msedge.exe 1532 msedge.exe 1532 msedge.exe 1532 msedge.exe 1532 msedge.exe 1532 msedge.exe 1532 msedge.exe 1532 msedge.exe 1532 msedge.exe 1532 msedge.exe 1532 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1532 wrote to memory of 1812 1532 msedge.exe 82 PID 1532 wrote to memory of 1812 1532 msedge.exe 82 PID 1532 wrote to memory of 2532 1532 msedge.exe 83 PID 1532 wrote to memory of 2532 1532 msedge.exe 83 PID 1532 wrote to memory of 2532 1532 msedge.exe 83 PID 1532 wrote to memory of 2532 1532 msedge.exe 83 PID 1532 wrote to memory of 2532 1532 msedge.exe 83 PID 1532 wrote to memory of 2532 1532 msedge.exe 83 PID 1532 wrote to memory of 2532 1532 msedge.exe 83 PID 1532 wrote to memory of 2532 1532 msedge.exe 83 PID 1532 wrote to memory of 2532 1532 msedge.exe 83 PID 1532 wrote to memory of 2532 1532 msedge.exe 83 PID 1532 wrote to memory of 2532 1532 msedge.exe 83 PID 1532 wrote to memory of 2532 1532 msedge.exe 83 PID 1532 wrote to memory of 2532 1532 msedge.exe 83 PID 1532 wrote to memory of 2532 1532 msedge.exe 83 PID 1532 wrote to memory of 2532 1532 msedge.exe 83 PID 1532 wrote to memory of 2532 1532 msedge.exe 83 PID 1532 wrote to memory of 2532 1532 msedge.exe 83 PID 1532 wrote to memory of 2532 1532 msedge.exe 83 PID 1532 wrote to memory of 2532 1532 msedge.exe 83 PID 1532 wrote to memory of 2532 1532 msedge.exe 83 PID 1532 wrote to memory of 2532 1532 msedge.exe 83 PID 1532 wrote to memory of 2532 1532 msedge.exe 83 PID 1532 wrote to memory of 2532 1532 msedge.exe 83 PID 1532 wrote to memory of 2532 1532 msedge.exe 83 PID 1532 wrote to memory of 2532 1532 msedge.exe 83 PID 1532 wrote to memory of 2532 1532 msedge.exe 83 PID 1532 wrote to memory of 2532 1532 msedge.exe 83 PID 1532 wrote to memory of 2532 1532 msedge.exe 83 PID 1532 wrote to memory of 2532 1532 msedge.exe 83 PID 1532 wrote to memory of 2532 1532 msedge.exe 83 PID 1532 wrote to memory of 2532 1532 msedge.exe 83 PID 1532 wrote to memory of 2532 1532 msedge.exe 83 PID 1532 wrote to memory of 2532 1532 msedge.exe 83 PID 1532 wrote to memory of 2532 1532 msedge.exe 83 PID 1532 wrote to memory of 2532 1532 msedge.exe 83 PID 1532 wrote to memory of 2532 1532 msedge.exe 83 PID 1532 wrote to memory of 2532 1532 msedge.exe 83 PID 1532 wrote to memory of 2532 1532 msedge.exe 83 PID 1532 wrote to memory of 2532 1532 msedge.exe 83 PID 1532 wrote to memory of 2532 1532 msedge.exe 83 PID 1532 wrote to memory of 4268 1532 msedge.exe 84 PID 1532 wrote to memory of 4268 1532 msedge.exe 84 PID 1532 wrote to memory of 4260 1532 msedge.exe 85 PID 1532 wrote to memory of 4260 1532 msedge.exe 85 PID 1532 wrote to memory of 4260 1532 msedge.exe 85 PID 1532 wrote to memory of 4260 1532 msedge.exe 85 PID 1532 wrote to memory of 4260 1532 msedge.exe 85 PID 1532 wrote to memory of 4260 1532 msedge.exe 85 PID 1532 wrote to memory of 4260 1532 msedge.exe 85 PID 1532 wrote to memory of 4260 1532 msedge.exe 85 PID 1532 wrote to memory of 4260 1532 msedge.exe 85 PID 1532 wrote to memory of 4260 1532 msedge.exe 85 PID 1532 wrote to memory of 4260 1532 msedge.exe 85 PID 1532 wrote to memory of 4260 1532 msedge.exe 85 PID 1532 wrote to memory of 4260 1532 msedge.exe 85 PID 1532 wrote to memory of 4260 1532 msedge.exe 85 PID 1532 wrote to memory of 4260 1532 msedge.exe 85 PID 1532 wrote to memory of 4260 1532 msedge.exe 85 PID 1532 wrote to memory of 4260 1532 msedge.exe 85 PID 1532 wrote to memory of 4260 1532 msedge.exe 85 PID 1532 wrote to memory of 4260 1532 msedge.exe 85 PID 1532 wrote to memory of 4260 1532 msedge.exe 85
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2e9deb9fe69f53bb6e7b0afc4a407b10_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1532 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffccfeb46f8,0x7ffccfeb4708,0x7ffccfeb47182⤵PID:1812
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,10279420841584953262,5266260272954911665,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1940 /prefetch:22⤵PID:2532
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,10279420841584953262,5266260272954911665,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4268
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,10279420841584953262,5266260272954911665,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:82⤵PID:4260
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,10279420841584953262,5266260272954911665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:12⤵PID:3160
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,10279420841584953262,5266260272954911665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:12⤵PID:1028
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,10279420841584953262,5266260272954911665,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3600 /prefetch:82⤵PID:4532
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,10279420841584953262,5266260272954911665,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3600 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4108
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,10279420841584953262,5266260272954911665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:12⤵PID:4992
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,10279420841584953262,5266260272954911665,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:12⤵PID:2344
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,10279420841584953262,5266260272954911665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:12⤵PID:1868
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,10279420841584953262,5266260272954911665,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:12⤵PID:3972
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,10279420841584953262,5266260272954911665,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5332 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:4756
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2888
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2340
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5537815e7cc5c694912ac0308147852e4
SHA12ccdd9d9dc637db5462fe8119c0df261146c363c
SHA256b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f
SHA51263969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a
-
Filesize
152B
MD58b167567021ccb1a9fdf073fa9112ef0
SHA13baf293fbfaa7c1e7cdacb5f2975737f4ef69898
SHA25626764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513
SHA512726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54
-
Filesize
726B
MD5a6387f1232fd98eab97a85168b37c41c
SHA13da0f022227e1175fd9f6e7446f8b903197fb692
SHA2565c0f1f3e76e770df86d9fb69b0a8c522b930029c899b1a47367f929c10cf954f
SHA5121ad88c4c842b1dcc4cef010f3047f5a82c5a607754eb7de9db1be2f44cbeb45fc350fe630cef6a7a02d7ba27501d4ead968eec5a0868ba9adc33ecc06c419ac1
-
Filesize
6KB
MD5939bb4f6fdbc48aa27a29dc9bbbebabe
SHA163d5ced8abd6e8a8ca48a4252bbbe136f3c779dd
SHA256e70d452ab2d8a9fe94455d7d202c32a8f13d103bb64cfc571cbce471c6cde62f
SHA512e86ab15db2d18afdcf3c011045b7d696fa28abfa5701059e8f5dc41417b6910af98a416f7078561ebc4e3b2a1917e588b5083f18b7bff25b989f74d4b04ebd52
-
Filesize
5KB
MD519c4f49cc44b4c78c3302efa87d42587
SHA1700919d3a69a0993bbe99ea88c3fc4f1c2e553e7
SHA2568a8935c1dfbd43d89e72340701e38147e6569feb72e416ec398f646fb7c27593
SHA512daa5ff0cc40e242eefe3c7f6b87b2c54db24028168c61f98dc91c77a4fea1ef666fce76285d9b6282ace327ed1ad1959e590507ac287c3b6afbb634122cf9e62
-
Filesize
6KB
MD5a5b5ca0fc32c2781aa0a0341fae508dc
SHA1aef260ea682044af38c191f0595038b73fbeabed
SHA25635d69a544ea62d229542708d3e2b5e2a7154fbec7334daacfe0fce542a026a9d
SHA5125429ed07763b1a959518aa91e3f7dca84789df014c5807727138c9bb3f79fd53ca686a4d9bfbc0506f48bfe81d8b2bdad60460808b1f6dcde6f7ba374b8fd836
-
Filesize
874B
MD5af0815888190bee0c985615dd85379b6
SHA1082655c2fb9488adfaee129b0a0f43ad0e21e971
SHA2564c9133e58daaf72c20a05623bec2e7afc432e43b1049eab0334b4d92a7b91d04
SHA512fd5902f41e734f5a691bf5b2fc05fb6faa449849a6827875a7f6f12f8ff622a6c6d847041188abd0a2688e240e13821a915c3ee4596e22febd2221a58b3dd164
-
Filesize
874B
MD5d9bc701b96648829dd048072a20359b9
SHA178ab5c40d0025de47e1c485d74837e9033182134
SHA256c8b682145b1d8df0c25b82602bc7b9c57fb4b66db1c895a963bd1e82e21ed1b8
SHA51247ac2073b8d0e52b2275642ad63561af3aa7fb73bd716b7548492487299e64e2d4f308c4c7a761a3d36edd09ee44afd787e0f7147c679211cd6cde10ba5f1928
-
Filesize
204B
MD595bd448c8292309c176e8217ee6bf5d9
SHA10aff2ebe39f13dc75a780da96a882cd95d8fbb0b
SHA2561852a59bf3cf2e363e2134304a9e49f8c5c7797a06e5b540dde0d704de70e5ec
SHA512440e5dd086872a1d9cde41f4c358850423d4e3331153dac92a243d984341a06426f3be187f2abf77836d4de0d86950cb489f6ca33e939da0833d66e6e181190c
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD58a5aeaed3c38f65d1ddb39a374285fa7
SHA105667b73716146739fffdba1a22d1f705c1854c1
SHA2563f2d0c0a0f50fbd6ae113c77be36308bfde797b0ceb465e9359b05951ddb078c
SHA5128b669b30cdbe71b1f28c6337276b4993b0bb317229272f0c2934867a80f14f4b2ca46bb398bc8708a470d99f26bc741b994dcc7b47768105f6dcbbc6eb9c9937