Analysis
max time kernel: 148s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13/06/2024, 08:22

Static task: static1
Behavioral task: behavioral1
  Sample: a49b62b9b8e54f28631d7487ecc284d9_JaffaCakes118.html
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: a49b62b9b8e54f28631d7487ecc284d9_JaffaCakes118.html
  Resource: win10v2004-20240611-en
General
Target: a49b62b9b8e54f28631d7487ecc284d9_JaffaCakes118.html
Size: 36KB
MD5: a49b62b9b8e54f28631d7487ecc284d9
SHA1: 8f41b0e9b8dc232c1b1a8cf00d22cb7dc3467c19
SHA256: ebd736210a2afebfb83e89019c19dd998f3d5bbcfde1b80cf593374f28955771
SHA512: f252b7d6abb8f2a268e86f5a61fa5021fa8ae98f45accb787a2f1b64ada74c56a6ee1299246e166ad9c0bf666588609ca005400f16b648b9428cd48ed593ef6d
SSDEEP: 768:zwx/MDTHeA88hARGZPXpE1XnXrFLxNLlDNoPqkPTHlnkM3Gr6ThZOg6f9U56lLRQ:Q/LbJxNVNufSM/P8pK
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                   Process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid    Process              occurrences
  2828   msedge.exe           2
  2972   msedge.exe           2
  4900   identity_helper.exe  2
  928    msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid    Process      occurrences
  2972   msedge.exe   6

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid    Process      occurrences
  2972   msedge.exe   25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid    Process      occurrences
  2972   msedge.exe   24

Suspicious use of WriteProcessMemory (64 IoCs)
  description                          pid    Process      procid_target   occurrences
  PID 2972 wrote to memory of 1164     2972   msedge.exe   83              2
  PID 2972 wrote to memory of 548      2972   msedge.exe   84              40
  PID 2972 wrote to memory of 2828     2972   msedge.exe   85              2
  PID 2972 wrote to memory of 3624     2972   msedge.exe   86              20
Processes

msedge.exe (PID 2972)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a49b62b9b8e54f28631d7487ecc284d9_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  msedge.exe (PID 1164), child of 2972
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff97ed846f8,0x7ff97ed84708,0x7ff97ed84718

  msedge.exe (PID 548), child of 2972
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,979531702050582691,6307592927360207291,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2

  msedge.exe (PID 2828), child of 2972
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,979531702050582691,6307592927360207291,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 3624), child of 2972
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,979531702050582691,6307592927360207291,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8

  msedge.exe (PID 4748), child of 2972
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,979531702050582691,6307592927360207291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1

  msedge.exe (PID 2312), child of 2972
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,979531702050582691,6307592927360207291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

  identity_helper.exe (PID 4756), child of 2972
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,979531702050582691,6307592927360207291,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8

  identity_helper.exe (PID 4900), child of 2972
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,979531702050582691,6307592927360207291,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 2136), child of 2972
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,979531702050582691,6307592927360207291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1

  msedge.exe (PID 4044), child of 2972
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,979531702050582691,6307592927360207291,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1

  msedge.exe (PID 3384), child of 2972
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,979531702050582691,6307592927360207291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1

  msedge.exe (PID 1068), child of 2972
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,979531702050582691,6307592927360207291,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1

  msedge.exe (PID 928), child of 2972
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,979531702050582691,6307592927360207291,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2392 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses

CompPkgSrv.exe (PID 2944)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

CompPkgSrv.exe (PID 5092)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
  MD5: 81e892ca5c5683efdf9135fe0f2adb15
  SHA1: 39159b30226d98a465ece1da28dc87088b20ecad
  SHA256: 830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17
  SHA512: c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

Filesize: 152B
  MD5: 56067634f68231081c4bd5bdbfcc202f
  SHA1: 5582776da6ffc75bb0973840fc3d15598bc09eb1
  SHA256: 8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4
  SHA512: c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

Filesize: 614B
  MD5: 1bcc152681d4442a0e4603f7c79409c8
  SHA1: 5bc249be27a40c4bc4e8834e3438f8bf29bbd639
  SHA256: bc211d558da949350d7a48a70eed2fa520c57e591397fbe221147399bb15e4c7
  SHA512: 2f2480dbf6b5b1e941c88112121262f3d981e1a7939e21acabda0a21be4ad1def5dea68d029f0311c05c9e7821110bc0c4c2b0e4419bf6a7221ccf977bc6276d

Filesize: 6KB
  MD5: cccacc1733650b05f75d5fdcfb6c6579
  SHA1: b7a40d59bd66e882f795d0fe9999249ee8990c8a
  SHA256: 3a9e8a670745608b93e8ffc97105a6e5d6a913c35d4148e53b991c08cee20f3c
  SHA512: df69a6cfa89d1bc847becfd9324978bac2ad882d345a15d68eae5acd58977b81bcc9387fff0beaf87cb2e8f4697accf16fc6a7bbfb5cbcf7d10db61972a41c23

Filesize: 6KB
  MD5: 52d04ef05ee450d89f5de8e7584d14d9
  SHA1: d10125b742cb18c3000be996b0c89b1e3a6094d2
  SHA256: d0769e6e05e5453e2330cb6900126cbab58872f1a6071a49fe387aaf0c492e10
  SHA512: 38b5bd15f4ba945d3d172ca09512200306b06588fb375ab8e34f24f53f9ae8b9ffb5886e0424384a2eb88943349ceb9125e8449e1be419afe596790c9e841305

Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 11KB
  MD5: e33f41946ed698f58e9d1240f09d45b0
  SHA1: 8a2b328d01c8c6248a454764fd99176837a2dd3d
  SHA256: e28a308c1873cc36a6e250b614fb00244743d30220511f52ee48729b323f0dc1
  SHA512: be77f4518c620f729fae474256f4cbb5f6dd25d86a6e87edffcd2021c6693b2e9f67a84ad01af6283c18f26d75669a1840bf16a768734c8bdfb1df77db51db13