Analysis
- max time kernel: 147s
- max time network: 152s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 10/05/2024, 09:51
Static task
- static1
Behavioral task
- behavioral1: Sample 2e8c0684c825b4a28faa8b45d6c2dfbf_JaffaCakes118.html, Resource win7-20240221-en
Behavioral task
- behavioral2: Sample 2e8c0684c825b4a28faa8b45d6c2dfbf_JaffaCakes118.html, Resource win10v2004-20240508-en
General
- Target: 2e8c0684c825b4a28faa8b45d6c2dfbf_JaffaCakes118.html
- Size: 23KB
- MD5: 2e8c0684c825b4a28faa8b45d6c2dfbf
- SHA1: a90b4fffb32a3542ee70a110f6917a114713e560
- SHA256: 511db444c3f31b8e592ebf4795b0d96a0cf7a376c654fd1eb10ba6e8df7852e6
- SHA512: 01efdeb2ef337f429525c306deadab9eeb6f365ac6897777b14b935e8c6f12294da4956e001adee0d2385206e9a66cdcb4f0ae5e6e1636712054e4aff1600b94
- SSDEEP: 384:SICKX/eUvy2snFbmdmoQvRcBwhUMcfgMSQsOMbMgj4:SLKXprsFaoyfhSQsOMbMgj4
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (Process: msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (Process: msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (Process: msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  - pid / Process: 3028 msedge.exe (2 entries), 3996 msedge.exe (2 entries), 936 identity_helper.exe (2 entries), 1136 msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  - pid / Process: 3996 msedge.exe (all 7 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  - pid / Process: 3996 msedge.exe (all 25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  - pid / Process: 3996 msedge.exe (all 24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  - All 64 entries are PID 3996 (msedge.exe) writing to the memory of a child process; repeated identical entries collapsed:
  - PID 3996 wrote to memory of 4584 (procid_target 82)
  - PID 3996 wrote to memory of 1464 (procid_target 84)
  - PID 3996 wrote to memory of 3028 (procid_target 85)
  - PID 3996 wrote to memory of 3160 (procid_target 86)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3996)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2e8c0684c825b4a28faa8b45d6c2dfbf_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4584, crashpad-handler)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef86946f8,0x7ffef8694708,0x7ffef8694718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1464, gpu-process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,404071137491343550,9982986435667794970,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3028, utility: network.mojom.NetworkService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,404071137491343550,9982986435667794970,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3160, utility: storage.mojom.StorageService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,404071137491343550,9982986435667794970,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1448, renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,404071137491343550,9982986435667794970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 904, renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,404071137491343550,9982986435667794970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 400, renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,404071137491343550,9982986435667794970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2960, utility: winrt_app_id.mojom.WinrtAppIdService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,404071137491343550,9982986435667794970,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6128 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 936, utility: winrt_app_id.mojom.WinrtAppIdService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,404071137491343550,9982986435667794970,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6128 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4876, renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,404071137491343550,9982986435667794970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3684, renderer, instant-process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,404071137491343550,9982986435667794970,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1020, renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,404071137491343550,9982986435667794970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5024, renderer, instant-process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,404071137491343550,9982986435667794970,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1136, gpu-process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,404071137491343550,9982986435667794970,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1952 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 2112)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 2664)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads