Analysis
- max time kernel: 149s
- max time network: 157s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 14/05/2024, 00:39

Static task: static1

Behavioral task: behavioral1
- Sample: 3d3b0d910f542104834215348d652b10_JaffaCakes118.html
- Resource: win7-20231129-en

Behavioral task: behavioral2
- Sample: 3d3b0d910f542104834215348d652b10_JaffaCakes118.html
- Resource: win10v2004-20240508-en
General
- Target: 3d3b0d910f542104834215348d652b10_JaffaCakes118.html
- Size: 20KB
- MD5: 3d3b0d910f542104834215348d652b10
- SHA1: eb3277c728078cb68c91ff5f9992899d9c318333
- SHA256: 6aeaecddbae62f35779caa22993a7134471a3887c8e5522968401ef7d2fc6f1d
- SHA512: 1a4f83310e73497e511d702c789901a6cdb9484de773872071721980817c48e5c7632ad205f926288d538821be603c45780f71f6f383c2bcb1112e47f8a40b02
- SSDEEP: 192:SIM3t0I5fo9cKivXQWxZxdkVSoAIf4lzUnjBhPh82qDB8:SIMd0I5nvHVsvPqxDB8
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid | Process
  4516 | msedge.exe (2 entries)
  4708 | msedge.exe (2 entries)
  4444 | msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid | Process
  4708 | msedge.exe (2 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  4708 | msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  4708 | msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 4708 wrote to memory of 4296 | 4708 | msedge.exe | 81
  PID 4708 wrote to memory of 3360 | 4708 | msedge.exe | 82
  PID 4708 wrote to memory of 4516 | 4708 | msedge.exe | 83
  PID 4708 wrote to memory of 1704 | 4708 | msedge.exe | 84
  (64 entries in total: the 4296 and 4516 rows appear twice each; the remaining entries are repeats of the 3360 and 1704 rows)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4708)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3d3b0d910f542104834215348d652b10_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4296)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe542a46f8,0x7ffe542a4708,0x7ffe542a4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3360)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,14517629431062035099,9407864768478507101,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4516)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,14517629431062035099,9407864768478507101,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1704)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,14517629431062035099,9407864768478507101,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4572)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14517629431062035099,9407864768478507101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1996)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14517629431062035099,9407864768478507101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4444)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,14517629431062035099,9407864768478507101,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 4088)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 756)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 56641592f6e69f5f5fb06f2319384490
  SHA1: 6a86be42e2c6d26b7830ad9f4e2627995fd91069
  SHA256: 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455
  SHA512: c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868
- Filesize: 152B
  MD5: 612a6c4247ef652299b376221c984213
  SHA1: d306f3b16bde39708aa862aee372345feb559750
  SHA256: 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a
  SHA512: 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973
- Filesize: 6KB
  MD5: e49f09ae044df614d3ec9c65b5be48ce
  SHA1: 46f13ea11029486c622d608804c4d9e6f858d6de
  SHA256: 3b52932438aaa05c98c53a68e40815088590e5163df447fabc4475bd2d5962f4
  SHA512: 9ca110ea4bcd5c4f2520e9eb6eedfaa965dc1b54acf820072d284518b6898a1c5c5ce7353764f4671f7dc6c0681224f721ffcb251a76ca6bc3cac18c0f196cda
- Filesize: 6KB
  MD5: cc2e4903c75fe9418aed42dcf5158232
  SHA1: e677b9e82143dc48212c4752c9f6c75a321246b2
  SHA256: 5628bfca2ff40008968a6453915334f8ad0eec17c3e02d52770a71d28a14948a
  SHA512: 79526315a8f7a87da560bebbf07feb5e547bebbb853794c0f857752a2890e2e244d5f6c8b3fa99b5266cb95f761a2afde1ec6b14771a714902eecb6eca692ec3
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ba32d5a9-feed-4a88-94de-742873bd2e23.tmp
  Filesize: 6KB
  MD5: be053895900c0db284d8e5419801aea4
  SHA1: 6f781411a8ddc2f529c52dcfbb9393b7dfc28f9f
  SHA256: 8728b1209512b7ee3285f08db77db92f31ac2566be269122a12561541762246a
  SHA512: 852154daa63e59d8e596fe8024b896c09f247ca666d8685947fb213db5d7fb6d9319b471ccdfaf8f62843c90a3a44c36d2c39d851ad250608b2667572fa97cfb
- Filesize: 11KB
  MD5: 5404e0d8b46cca025827a0c0efa2a12c
  SHA1: 7ea1521bea7634d73dae767add17c8ff773b60ca
  SHA256: a999ad533b25ca2f07fb879cdfd0f29e5e87e5d0d2d751b7a9705c52e782a452
  SHA512: e61c4a873c85d4ad1037c7c30e60cadbe5c475e125777fff08a9a8bf5cc5df8b637a9bbc53ca092a92e591d611946ca3685086887c6bb72579e8d451ca5119e5