Analysis
- max time kernel: 149s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240704-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 09/07/2024, 00:05
Static task: static1
Behavioral task: behavioral1
- Sample: 2e4fca1685a2240b5bfac8ced45d063a_JaffaCakes118.html
- Resource: win7-20240705-en
Behavioral task: behavioral2
- Sample: 2e4fca1685a2240b5bfac8ced45d063a_JaffaCakes118.html
- Resource: win10v2004-20240704-en
General
- Target: 2e4fca1685a2240b5bfac8ced45d063a_JaffaCakes118.html
- Size: 271KB
- MD5: 2e4fca1685a2240b5bfac8ced45d063a
- SHA1: 93ed4cdda717a58baad896b1cf5d84ccfc082825
- SHA256: e0f10f6dd4a0c05059cb5943326c9de86e41dc35c0b36dab619850416dcd72b7
- SHA512: e3ec7a43c0aad2f8755c21dcf946f51bc2ac03dd5efc1272623a053097e247039b06fa2ddef2b3ed202dd8c5bcb24f0dcc883de12343d8feebe83e1ad1f71791
- SSDEEP: 3072:5B2nptrLcfu37p3vcGcKLhsUrAoMPUxdRPUxdmQaVLLDpInhPFGn:5B2nptrLcfu37p3BmMxdRMxd03
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  - pid 2964 msedge.exe
  - pid 2964 msedge.exe
  - pid 4932 msedge.exe
  - pid 4932 msedge.exe
  - pid 4924 msedge.exe
  - pid 4924 msedge.exe
  - pid 4924 msedge.exe
  - pid 4924 msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  - pid 4932 msedge.exe
  - pid 4932 msedge.exe
  - pid 4932 msedge.exe
  - pid 4932 msedge.exe
  - pid 4932 msedge.exe
  - pid 4932 msedge.exe
- Suspicious use of FindShellTrayWindow (25 IoCs, all pid 4932 msedge.exe)
- Suspicious use of SendNotifyMessage (24 IoCs, all pid 4932 msedge.exe)
- Suspicious use of WriteProcessMemory (64 IoCs; pid 4932 msedge.exe wrote to memory of its child processes 4908, 1100, 2964 and 2772)
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2e4fca1685a2240b5bfac8ced45d063a_JaffaCakes118.html (PID 4932)
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc2f4246f8,0x7ffc2f424708,0x7ffc2f424718 (PID 4908)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,10960419014143104384,11989796529939332646,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2 (PID 1100)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,10960419014143104384,11989796529939332646,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3 (PID 2964)
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,10960419014143104384,11989796529939332646,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8 (PID 2772)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10960419014143104384,11989796529939332646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1 (PID 2768)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10960419014143104384,11989796529939332646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1 (PID 4896)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,10960419014143104384,11989796529939332646,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2692 /prefetch:2 (PID 4924)
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10960419014143104384,11989796529939332646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1 (PID 1724)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10960419014143104384,11989796529939332646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1832 /prefetch:1 (PID 4844)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10960419014143104384,11989796529939332646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3868 /prefetch:1 (PID 2084)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10960419014143104384,11989796529939332646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1 (PID 3684)
- C:\Windows\System32\CompPkgSrv.exe -Embedding (PID 928)
- C:\Windows\System32\CompPkgSrv.exe -Embedding (PID 184)
MITRE ATT&CK Enterprise v15
Downloads