Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- Max time kernel: 145s
- Max time network: 138s
- Platform: windows10-2004_x64
- Resource: win10v2004-20240508-en
- Resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- Submitted: 10/05/2024, 14:43
Static task: static1
Behavioral task: behavioral1
- Sample: 2fa1a1eec4e9f7407490d77e63984ad8_JaffaCakes118.html
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 2fa1a1eec4e9f7407490d77e63984ad8_JaffaCakes118.html
- Resource: win10v2004-20240508-en
General
- Target: 2fa1a1eec4e9f7407490d77e63984ad8_JaffaCakes118.html
- Size: 8KB
- MD5: 2fa1a1eec4e9f7407490d77e63984ad8
- SHA1: cca731a458958d8ba66a1f9f77b2f729fc6e1ef5
- SHA256: 70bb51f83326bb06c45301f952e626de5425a2e7d142002a4e795cf6e977e6e3
- SHA512: 4b8ce7949cda4ccbf835789669975ce0e8106a79b84f1f03fb1149e81ddcf671a4beb37fb71d85601f1e13aa93f19944aea41caa4ed17584e981c40b735334b5
- SSDEEP: 192:SI+Fhri+KLF/sbF3jc00En7qVYDkvkE2F//J1lax7TR9PAlzLQ42GWGkP:SIui+ctcqncTx/XMfP8zLrWlP
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
- Suspicious use of FindShellTrayWindow (25 IoCs)
- Suspicious use of SendNotifyMessage (24 IoCs)
- Suspicious use of WriteProcessMemory (64 IoCs)
Processes
- PID 2284 (top level): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2fa1a1eec4e9f7407490d77e63984ad8_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - PID 856 (child of 2284): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80f8046f8,0x7ff80f804708,0x7ff80f804718
  - PID 2940 (child of 2284): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,7703381804223736448,5489069420689878448,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  - PID 2256 (child of 2284): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,7703381804223736448,5489069420689878448,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 4584 (child of 2284): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,7703381804223736448,5489069420689878448,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2580 /prefetch:8
  - PID 4580 (child of 2284): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7703381804223736448,5489069420689878448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  - PID 4644 (child of 2284): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7703381804223736448,5489069420689878448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  - PID 1928 (child of 2284): "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,7703381804223736448,5489069420689878448,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 /prefetch:8
  - PID 4972 (child of 2284): "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,7703381804223736448,5489069420689878448,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 4028 (child of 2284): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7703381804223736448,5489069420689878448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  - PID 2868 (child of 2284): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7703381804223736448,5489069420689878448,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1
  - PID 3584 (child of 2284): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7703381804223736448,5489069420689878448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1
  - PID 652 (child of 2284): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7703381804223736448,5489069420689878448,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  - PID 3884 (child of 2284): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,7703381804223736448,5489069420689878448,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- PID 2152 (top level): C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID 748 (top level): C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads