Analysis
  max time kernel: 150s
  max time network: 151s
  platform: windows10-2004_x64
  resource: win10v2004-20240508-en
  resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  submitted: 26/05/2024, 02:13
Tasks
  Static task static1
  Behavioral task behavioral1
    Sample: 740621b84e44de320e6a9f2bb9f36205_JaffaCakes118.html
    Resource: win7-20240508-en
  Behavioral task behavioral2
    Sample: 740621b84e44de320e6a9f2bb9f36205_JaffaCakes118.html
    Resource: win10v2004-20240508-en
General
  Target: 740621b84e44de320e6a9f2bb9f36205_JaffaCakes118.html
  Size: 40KB
  MD5: 740621b84e44de320e6a9f2bb9f36205
  SHA1: 21986acb440e7b6201291fa02f5ec1d22c7ce2aa
  SHA256: 956ced19f7d3896da8c21b15d1e93bd6f298b349083e045e657caed5aa7270b9
  SHA512: 2f3a0571e0c53235e3ec5da4bd7b162570825ad28991a82b8c498054656a63487a05b5a8420371b8478b83c8bc452664fad95c55646750b43b63f7e99ab449b1
  SSDEEP: 768:t4h47POJud0W686f34tVqvdlqY5B0XQkPpL3k20XVEuFV0XV45qS:Ch4Tyud568rqv7zgQnrVEAmV45qS
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid   Process     occurrences
  2984  msedge.exe  2
  2532  msedge.exe  2
  4056  msedge.exe  4
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid   Process     occurrences
  2532  msedge.exe  2
Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process     occurrences
  2532  msedge.exe  25
Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process     occurrences
  2532  msedge.exe  24
Suspicious use of WriteProcessMemory (64 IoCs)
  description                        pid   Process     procid_target  occurrences
  PID 2532 wrote to memory of 1512   2532  msedge.exe  83             2
  PID 2532 wrote to memory of 748    2532  msedge.exe  84             40
  PID 2532 wrote to memory of 2984   2532  msedge.exe  85             2
  PID 2532 wrote to memory of 1580   2532  msedge.exe  86             20
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2532)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\740621b84e44de320e6a9f2bb9f36205_JaffaCakes118.html
  Signatures:
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
  Child processes:

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1512)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc2ac46f8,0x7ffdc2ac4708,0x7ffdc2ac4718

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 748)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2252,6217225320601448477,676795907392451362,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2264 /prefetch:2

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2984)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2252,6217225320601448477,676795907392451362,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
      Signatures:
        - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1580)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2252,6217225320601448477,676795907392451362,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 536)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,6217225320601448477,676795907392451362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2596)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,6217225320601448477,676795907392451362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4056)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2252,6217225320601448477,676795907392451362,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2344 /prefetch:2
      Signatures:
        - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe  (PID 3196)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe  (PID 4476)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 152B
  MD5: a8e767fd33edd97d306efb6905f93252
  SHA1: a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
  SHA256: c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
  SHA512: 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

- Filesize: 152B
  MD5: 439b5e04ca18c7fb02cf406e6eb24167
  SHA1: e0c5bb6216903934726e3570b7d63295b9d28987
  SHA256: 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
  SHA512: d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

- Filesize: 23KB
  MD5: 3f43547cfdc18e5a940c39aa72e0eba3
  SHA1: 5105f5c293d83d4dc0930ba91fe3e7ca5be39259
  SHA256: e4a7b714be04434217808adab489be475c2293f5f59aaddcf3ae3dbef1dc9f60
  SHA512: c63478fc7cde2b01fe4aa616ce8145a6e1bd7751a24b57f6cd37f6fd98588060cade4ca85eb36050a29e90377883d071953439b4c109898ca8003531278969ab

- Filesize: 20KB
  MD5: 87e8230a9ca3f0c5ccfa56f70276e2f2
  SHA1: eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
  SHA256: e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
  SHA512: 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

- Filesize: 394B
  MD5: c4bc6f9f6137e24064fd8ae9bae1d8e8
  SHA1: a4408292a1435e9bb1c7ed88fcffae8eefbf76f1
  SHA256: 0573e07fccf44cc293b4e79ac96f312e247c5e79465718bc04a2170ebe3de5d1
  SHA512: 31a2dbf90e7c2d80fa8535a69c061e8cf9aeb5c9323a09381ddeb8d20519a1ec4d2b658b316191a7bf9bb8df74dea9fc0af59938d5bc41398fc16797561e547a

- Filesize: 5KB
  MD5: 78c4763f3dc5384ecfdd277fc7f24a24
  SHA1: c9e17de949c54b8afb67e286754e704d6c2dd3d7
  SHA256: a0bc446c88a715180b1dbf100a56686b1ebd55bf66da8bb3e0919a9667117ca0
  SHA512: 777d66b8741e3a3541984fdf47d58406b4516ace2c8b5e0da25d0c20299972a8eec808d1216350ab884fcef9665f0ab68579f8d84cd69152e2573d7462ce3ab7

- Filesize: 6KB
  MD5: a9a9213b5e86f9855b8953267f0087f5
  SHA1: a49f0e0d16ec03fac2a02e208442c8bea1da5cb4
  SHA256: 55421d401e23397143c12287081e7f3b63d16220529c70ef8b2db17e2cc87e56
  SHA512: 7cb00cc10b6f1459ef1852bdef6d6474b69033a4809d66444c412dbc684e6a4b47c1fc2081427a58281a507cd574a371081f0fdb90040fb2c1795e3f062adff3

- Filesize: 11KB
  MD5: 70eb228a2187dfd98460b9f1ac315d8f
  SHA1: d44ea70bda835d6201a2ec57d77fd878d0b2c79b
  SHA256: 7695f8b2428cdfd7119215815b604f6746b389680a92389cdb657bf3ed0b8c2b
  SHA512: 73a84d92fa8d526db254eda403720c02d6de8c77711f82d134a4b7ca6e89212a1516f6bb2fba80975f2f9d93a5f25d2df7328bda62fd4dfec8d7ec3b3e6b272f