Analysis
max time kernel: 145s
max time network: 145s
platform: windows10-2004_x64
resource: win10v2004-20240704-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
submitted: 08/07/2024, 10:47
Static task: static1
Behavioral task: behavioral1
  Sample: 2c0a0f8236a9d88c3aae243649abd2b5_JaffaCakes118.html
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: 2c0a0f8236a9d88c3aae243649abd2b5_JaffaCakes118.html
  Resource: win10v2004-20240704-en
General
Target: 2c0a0f8236a9d88c3aae243649abd2b5_JaffaCakes118.html
Size: 53KB
MD5: 2c0a0f8236a9d88c3aae243649abd2b5
SHA1: 721fbaf50f88ce707ad30ba7f03a812526e79204
SHA256: cc9a2b93ff3264268f9dc764b4f0faca2ff372965b39ecb624525247f0791487
SHA512: a20b69ed2adc5b9f7ec4973e0d27a280195c24a3ac302f5f0741cecf071804f656f737a9f289c9b6664eeb34accc3bf97c53ea02526507ed9fde100785b0ed32
SSDEEP: 1536:CkgUiIakTqGivi+PyUI5runlYr63Nj+q5Vy0R0w2AzTICbbOo4/t9M/dNwIUTDmR:CkgUiIakTqGivi+PyUOrunlYr63Nj+qB
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                   process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid    process
  744    msedge.exe
  744    msedge.exe
  3404   msedge.exe
  3404   msedge.exe
  1056   identity_helper.exe
  1056   identity_helper.exe
  3996   msedge.exe
  3996   msedge.exe
  3996   msedge.exe
  3996   msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
Suspicious use of FindShellTrayWindow (25 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes

msedge.exe (PID 3404), level 1
  Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2c0a0f8236a9d88c3aae243649abd2b5_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

msedge.exe (PID 3776), level 2
  Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd2e646f8,0x7ffcd2e64708,0x7ffcd2e64718

msedge.exe (PID 740), level 2
  Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,3538598960688814083,16593424411652985898,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2

msedge.exe (PID 744), level 2
  Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,3538598960688814083,16593424411652985898,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  Signatures:
  - Suspicious behavior: EnumeratesProcesses

msedge.exe (PID 4052), level 2
  Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,3538598960688814083,16593424411652985898,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8

msedge.exe (PID 2392), level 2
  Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3538598960688814083,16593424411652985898,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

msedge.exe (PID 2304), level 2
  Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3538598960688814083,16593424411652985898,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1

msedge.exe (PID 4836), level 2
  Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3538598960688814083,16593424411652985898,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1

identity_helper.exe (PID 3496), level 2
  Path: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,3538598960688814083,16593424411652985898,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8

identity_helper.exe (PID 1056), level 2
  Path: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,3538598960688814083,16593424411652985898,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
  Signatures:
  - Suspicious behavior: EnumeratesProcesses

msedge.exe (PID 4724), level 2
  Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3538598960688814083,16593424411652985898,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1

msedge.exe (PID 4252), level 2
  Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3538598960688814083,16593424411652985898,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1

msedge.exe (PID 4696), level 2
  Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3538598960688814083,16593424411652985898,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1

msedge.exe (PID 2612), level 2
  Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3538598960688814083,16593424411652985898,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1

msedge.exe (PID 3996), level 2
  Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,3538598960688814083,16593424411652985898,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 /prefetch:2
  Signatures:
  - Suspicious behavior: EnumeratesProcesses

CompPkgSrv.exe (PID 3996), level 1
  Path: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

CompPkgSrv.exe (PID 452), level 1
  Path: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads