Analysis
- max time kernel: 148s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 16/06/2024, 10:50
Static task: static1
Behavioral task: behavioral1
- Sample: b31f4d9a900d9ce40b8f1639bf774554_JaffaCakes118.html
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: b31f4d9a900d9ce40b8f1639bf774554_JaffaCakes118.html
- Resource: win10v2004-20240611-en
General
- Target: b31f4d9a900d9ce40b8f1639bf774554_JaffaCakes118.html
- Size: 139KB
- MD5: b31f4d9a900d9ce40b8f1639bf774554
- SHA1: 2fbfc8d3c9f16391c39d30d79db553cdb9317204
- SHA256: 5ff5afe1f5b7cc2446eb8bec56fcd68bc0d0a5a8e907b184f903eba9563033f0
- SHA512: 3aaa65d0ea1d1f62a0fd345a5d1658ed4c5ffdd9fe892adfcf6238ac3c88209e09857c7af05868adae48ba0b5a78cd0aeca286610787d911dacc865b107c3d7b
- SSDEEP: 1536:S3zrfl/yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9w:S3dyfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid 1212 msedge.exe (2 entries)
  pid 228 msedge.exe (2 entries)
  pid 532 msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid 228 msedge.exe (2 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid 228 msedge.exe (25 identical entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid 228 msedge.exe (24 identical entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  pid 228 (msedge.exe) wrote to memory of PID 4680, procid_target 82 (2 identical entries)
  pid 228 (msedge.exe) wrote to memory of PID 1520, procid_target 83 (40 identical entries)
  pid 228 (msedge.exe) wrote to memory of PID 1212, procid_target 84 (2 identical entries)
  pid 228 (msedge.exe) wrote to memory of PID 2624, procid_target 85 (20 identical entries)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 228)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b31f4d9a900d9ce40b8f1639bf774554_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4680, crashpad-handler)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcfd7b46f8,0x7ffcfd7b4708,0x7ffcfd7b4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1520, gpu-process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1988,7069589449688221244,1496987272267390141,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2004 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1212, utility: network.mojom.NetworkService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1988,7069589449688221244,1496987272267390141,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2624, utility: storage.mojom.StorageService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1988,7069589449688221244,1496987272267390141,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3140, renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,7069589449688221244,1496987272267390141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2580, renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,7069589449688221244,1496987272267390141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 532, gpu-process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1988,7069589449688221244,1496987272267390141,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2736 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 4376)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 4912)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: dabfafd78687947a9de64dd5b776d25f
  SHA1: 16084c74980dbad713f9d332091985808b436dea
  SHA256: c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201
  SHA512: dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b
- Filesize: 152B
  MD5: c39b3aa574c0c938c80eb263bb450311
  SHA1: f4d11275b63f4f906be7a55ec6ca050c62c18c88
  SHA256: 66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c
  SHA512: eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232
- Filesize: 6KB
  MD5: 8fdc542622c7ce81afb26a96d7c1b6c1
  SHA1: d0d36a12ffbc3d50f092ac6a597725048bbeefcd
  SHA256: 835d10b26bed22bd3dbb441f525d87eb080369a9e1013d70c769fab6f0241b0f
  SHA512: 03ef0f0099742ae77959202c0ab799557a63d71a6b47a2c03ba1db453bccb0aadc0c7420d48b2f11241c349903a22d0354009340786485de8a40472b5affc9f4
- Filesize: 6KB
  MD5: d5807df5da64d44c7ba250e5da0800f2
  SHA1: 8ca9b0dc04cf8bfaab855b44abb957261f579cd4
  SHA256: 4259e37c565d18364a548f0c497e2e30222b5156d2e490e737d9b414fd7856ed
  SHA512: 54bb1e9aeaf24a70248ae070b5f0308bb0f48a3de3d338a6c7b3dfb565df1f24f72f6c2652b8910c2228b4e9b9f46029424751a682b4b9d5983683bda0c9ab4e
- Filesize: 11KB
  MD5: 57c119d7763a019327ccfedca63204a2
  SHA1: ddebe448ee420c1c3219610ff02c12c50e664398
  SHA256: afa335798c6ecef435034ddab822d086c72975a86e14179f10f4f350404248e9
  SHA512: c80b310ed300d711cdf08dbc7f9c6369f8f8f8183d5ed028da4ea9144764978af2ba597e42e0c59f2476fc420da08a7d0ca0f323f57e2a329089a1eaf91736fe