Analysis
  max time kernel:  145s
  max time network: 128s
  platform:         windows10-2004_x64
  resource:         win10v2004-20240508-en
  resource tags:    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  submitted:        09/06/2024, 23:44
Static task: static1

Behavioral task: behavioral1
  Sample:   9a4a3ef6a3962aa56df5c6d7cfb558d2_JaffaCakes118.html
  Resource: win7-20240221-en

Behavioral task: behavioral2
  Sample:   9a4a3ef6a3962aa56df5c6d7cfb558d2_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
  Target: 9a4a3ef6a3962aa56df5c6d7cfb558d2_JaffaCakes118.html
  Size:   23KB
  MD5:    9a4a3ef6a3962aa56df5c6d7cfb558d2
  SHA1:   30d03fa579a4b03a38b960328992d3a7904810d4
  SHA256: 111fd24a7a060427c4f9074a8c4dc1daff6837f8045ebdde9a6ee424b8543ff0
  SHA512: 712164f458bcbe4708e29ae2845f611c91745620ee8977c65ae2df93de1561edd39bda47dbf4be038b5a4e990bfbc1f2b7ba29efa39be7ffb6d71c33965fece5
  SSDEEP: 192:N2Soehrb5nEnQjLntQ/TnQienn0nQOkrntFenQTbnKnQJxanQtoMNnFnQ7XnhnQE:kSosRQ/StKHyi
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs; identical rows collapsed, count in last column)
  pid   Process              entries
  4856  msedge.exe           2
  5088  msedge.exe           2
  4120  identity_helper.exe  2
  228   msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process     entries
  5088  msedge.exe  6

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process     entries
  5088  msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process     entries
  5088  msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs; identical rows collapsed, count in last column)
  description                       pid   Process     procid_target  entries
  PID 5088 wrote to memory of 3140  5088  msedge.exe  82             2
  PID 5088 wrote to memory of 1800  5088  msedge.exe  83             40
  PID 5088 wrote to memory of 4856  5088  msedge.exe  84             2
  PID 5088 wrote to memory of 1044  5088  msedge.exe  85             20
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 5088)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9a4a3ef6a3962aa56df5c6d7cfb558d2_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3140)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa05d646f8,0x7ffa05d64708,0x7ffa05d64718

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1800)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,6195771243066840883,1036683012716951739,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4856)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,6195771243066840883,1036683012716951739,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1044)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,6195771243066840883,1036683012716951739,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3316)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6195771243066840883,1036683012716951739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1028)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6195771243066840883,1036683012716951739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (PID 3372)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,6195771243066840883,1036683012716951739,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3012 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (PID 4120)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,6195771243066840883,1036683012716951739,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3012 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 5092)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6195771243066840883,1036683012716951739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3892 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 868)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6195771243066840883,1036683012716951739,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2888 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3448)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6195771243066840883,1036683012716951739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1252)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6195771243066840883,1036683012716951739,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 228)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,6195771243066840883,1036683012716951739,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2808 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe  (PID 900)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe  (PID 1344)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
  MD5:    ce4c898f8fc7601e2fbc252fdadb5115
  SHA1:   01bf06badc5da353e539c7c07527d30dccc55a91
  SHA256: bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
  SHA512: 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Filesize: 152B
  MD5:    4158365912175436289496136e7912c2
  SHA1:   813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
  SHA256: 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
  SHA512: 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Filesize: 5KB
  MD5:    5b698c0a18e2d86ea5f996d27751ddf0
  SHA1:   edfcc220c7fe2a9dba24babb6ecbb7146912c460
  SHA256: 270796410e554ca036d0d160ce5ba0c9417156bc6043f31b72740a3bad77a132
  SHA512: 3829dd64a281bb85e1375331479bd859d196a94b6b852d1f90501d2ee5fc2a7bdc371fe8852eafd8455ea166efa605d1a8ecb1a8bcfef8617bea94cfa188d3d5

Filesize: 6KB
  MD5:    d2b0986354adb41e120fc20383591d7e
  SHA1:   875f28fe04bc4e8da65e98e04dcaf040b0194a3e
  SHA256: 0f734a9c0c439327adad797714327de8875bd8f1ccc60aa00eb254a9dbc4ad41
  SHA512: f7fcef542c93004287588d4d90e5a4656d684f416ec0ceb34e7b4d56534b1d697df149f61a6454c49a951f4fed57e60bc27a9842d1bcc09dfadbed7ed851e3a1

Filesize: 6KB
  MD5:    b0d2e72c813fcd103f4ba99123e346c8
  SHA1:   3c9c77cfdcc7d5004b59c8652736283e6110883b
  SHA256: d8889fafb5309b28a2c2c3e5b7a66063eb846dbfb14c85ad97797fa352485c20
  SHA512: 185c0a45fd7357d33c03f803491d0b6459632def4bc6b74928cb8192d76eeab24a80d37fb6602e44a8559d5bdb5d463ef5db7c8b71f8659c3f94f701f1c88f85

Filesize: 16B
  MD5:    6752a1d65b201c13b62ea44016eb221f
  SHA1:   58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 10KB
  MD5:    9586217057b86672b56a15063fa86894
  SHA1:   00b109b4f1bc8080e2c17ebe4e40a66006d93789
  SHA256: fbfcc3336f3b4c6d5c589f84228bd3c999d086202aed278c8e0c9a2007779fe8
  SHA512: a5eef273d9a56c72d1bdef8039fbe00187d9ce8c9ed636f2125fa9e30d5082c2212e8b4284c314028f15b23c59e9bfd58e44d99fd83c18e43d57b5dd81e9f9f8