Analysis

max time kernel: 145s
max time network: 136s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 10/07/2024, 11:29

Tasks

Static task: static1
Behavioral task: behavioral1
  Sample: 34885bcb77eca09701ce817afc1c033c_JaffaCakes118.html
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 34885bcb77eca09701ce817afc1c033c_JaffaCakes118.html
  Resource: win10v2004-20240709-en

The platform and resource fields above, and the signatures, process tree and downloads that follow, belong to the Windows 10 run (behavioral2, win10v2004-20240709-en); the Windows 7 task (behavioral1) is listed but its results are not on this page.
General

Target: 34885bcb77eca09701ce817afc1c033c_JaffaCakes118.html
Size: 78KB
MD5: 34885bcb77eca09701ce817afc1c033c
SHA1: 633b67ad74fff0c4efc0158478d2bbc3e186dea9
SHA256: faeadcca2e4a4c8948bbed6f9da4ca4c7e45b35fdc2e4f0f729bc47f620127aa
SHA512: d4d9a0edacd3f6ed8f2e6af8441cad0ee6561c0466fac870258fdfc6ceaebc0d9f3a01082b48602fc810e79065acf1c59298860e6f64360eb7f15f3a0a00cafd
SSDEEP: 768:CPh7ye2sH/MXgyjCKoBfuS/7h7uIuKzNyGsaMWxS+uGIRw:CPhxb3I+
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  SystemManufacturer and SystemProductName are the BIOS values sandbox-aware code reads to recognise a VM, but the process attributed here is msedge.exe, the browser that opened the sample, not anything the HTML spawned. On its own this hit does not show the page doing discovery; that would need corroborating script in the file.

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   process              hits
  4688  msedge.exe           2
  2404  msedge.exe           2
  536   identity_helper.exe  2
  2092  msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid   process     hits
  2404  msedge.exe  7
  This fires when a process is created with the mitigation that blocks loading of non-Microsoft-signed binaries into the child. Chromium-based browsers set that policy on the child processes they launch, so on a browser tree it is expected.

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   process     hits
  2404  msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   process     hits
  2404  msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs)
  writer pid  writer process  target pid  procid_target
  2404        msedge.exe      4464        82
  2404        msedge.exe      3728        83
  2404        msedge.exe      4688        84
  2404        msedge.exe      5072        85
  Each row is repeated in the report (64 entries in total); the distinct writer/target pairs are shown once. Every target is a direct child of 2404 in the process tree below, which is how a Chromium browser bootstraps the children it launches.

Reading these signatures together: every IoC is attributed to the Edge browser process (2404) or its own children, no network indicators are recorded, and no process outside the browser tree (other than the two CompPkgSrv.exe instances) appears. They describe the browser's baseline on this image rather than behaviour attributable to the HTML sample.
Processes

PID 2404  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\34885bcb77eca09701ce817afc1c033c_JaffaCakes118.html
          signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  PID 4464  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8d95b46f8,0x7ff8d95b4708,0x7ff8d95b4718
  PID 3728  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,15468591901329450542,6396911558164654168,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  PID 4688  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,15468591901329450542,6396911558164654168,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
            signatures: Suspicious behavior: EnumeratesProcesses
  PID 5072  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,15468591901329450542,6396911558164654168,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  PID 3600  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15468591901329450542,6396911558164654168,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  PID 3964  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15468591901329450542,6396911558164654168,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  PID 1836  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15468591901329450542,6396911558164654168,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1288 /prefetch:1
  PID 3928  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,15468591901329450542,6396911558164654168,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
  PID 536   "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,15468591901329450542,6396911558164654168,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
            signatures: Suspicious behavior: EnumeratesProcesses
  PID 1652  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15468591901329450542,6396911558164654168,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  PID 412   "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15468591901329450542,6396911558164654168,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2808 /prefetch:1
  PID 4504  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15468591901329450542,6396911558164654168,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  PID 2788  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15468591901329450542,6396911558164654168,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  PID 2092  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,15468591901329450542,6396911558164654168,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5360 /prefetch:2
            signatures: Suspicious behavior: EnumeratesProcesses
PID 100   C:\Windows\System32\CompPkgSrv.exe -Embedding
PID 1832  C:\Windows\System32\CompPkgSrv.exe -Embedding

Indentation gives the tree depth: 2404 is the browser launched on the sample, every indented entry is its direct child, and the two CompPkgSrv.exe instances are separate roots. The second gpu-process (2092) is a relaunch with --disable-gpu-sandbox --use-gl=disabled after the first (3728); the network service (4688) and both identity_helper.exe instances run with --service-sandbox-type=none.
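The way a triager reads a tree like this is mechanical enough to script: rebuild parent/child relations from the depth column, classify each child by its Chromium --type, check that every binary lives under the browser's install directory, and test whether each WriteProcessMemory target is the writer's own direct child (how Chromium bootstraps its children) or some unrelated process (the injection pattern worth chasing). The script below is an added example, not tria.ge code. Its process records are transcribed from the tree above with long switch lists abbreviated and one renderer kept as representative; the WriteProcessMemory rows are collapsed to distinct writer/target pairs; and the set of "normal Chromium child types" is this example's own assumption, not something the report states.

```python
import re

# Process records transcribed from this report's Processes section as
# (pid, depth, command line). Depth 1 is a tree root; depth 2 is a child of
# the most recent root. Long switch lists are abbreviated to the switches the
# checks below look at; PIDs, paths and --type values are as reported.
EDGE_DIR = r"C:\Program Files (x86)\Microsoft\Edge\Application"
PROCESSES = [
    (2404, 1, f'"{EDGE_DIR}\\msedge.exe" --single-argument C:\\Users\\Admin\\AppData\\Local\\Temp\\34885bcb77eca09701ce817afc1c033c_JaffaCakes118.html'),
    (4464, 2, f'"{EDGE_DIR}\\msedge.exe" --type=crashpad-handler --annotation=ver=92.0.902.67'),
    (3728, 2, f'"{EDGE_DIR}\\msedge.exe" --type=gpu-process --mojo-platform-channel-handle=2116'),
    (4688, 2, f'"{EDGE_DIR}\\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none'),
    (5072, 2, f'"{EDGE_DIR}\\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility'),
    (3600, 2, f'"{EDGE_DIR}\\msedge.exe" --type=renderer --renderer-client-id=6'),
    (3928, 2, f'"{EDGE_DIR}\\92.0.902.67\\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none'),
    (536, 2, f'"{EDGE_DIR}\\92.0.902.67\\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none'),
    (2092, 2, f'"{EDGE_DIR}\\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled'),
    (100, 1, r"C:\Windows\System32\CompPkgSrv.exe -Embedding"),
    (1832, 1, r"C:\Windows\System32\CompPkgSrv.exe -Embedding"),
]

# "Suspicious use of WriteProcessMemory" rows from the report, collapsed to
# distinct (writer pid, target pid) pairs; the report repeats each pair.
WPM_EVENTS = [(2404, 4464), (2404, 3728), (2404, 4688), (2404, 5072)]

# Assumption of this example: the child process types a Chromium-based browser
# launches itself. Anything else under the browser deserves a closer look.
CHROMIUM_CHILD_TYPES = {"crashpad-handler", "gpu-process", "utility", "renderer"}


def parse_switches(cmdline):
    """Return {name: value} for every --name or --name=value switch ('' if bare)."""
    return {k: v for k, v in re.findall(r"--([a-z0-9-]+)(?:=(\S*))?", cmdline)}


def image_path(cmdline):
    """Executable path, handling both a quoted and a bare first token."""
    if cmdline.startswith('"'):
        return cmdline[1:].split('"', 1)[0]
    return cmdline.split(" ", 1)[0]


def build_tree(records):
    """pid -> parent pid (None for roots), derived from the depth column."""
    parent, root = {}, None
    for pid, depth, _ in records:
        if depth == 1:
            root = pid
            parent[pid] = None
        else:
            parent[pid] = root
    return parent


def classify(records):
    """Per-pid view: image name, Chromium --type, sandbox switch, and whether the
    process looks like a normal browser child (known type, binary in the Edge dir)."""
    info = {}
    for pid, _, cmd in records:
        sw, path = parse_switches(cmd), image_path(cmd)
        info[pid] = {
            "image": path.rsplit("\\", 1)[-1].lower(),
            "type": sw.get("type"),
            "sub_type": sw.get("utility-sub-type"),
            "sandbox": sw.get("service-sandbox-type"),
            "expected_child": sw.get("type") in CHROMIUM_CHILD_TYPES and path.startswith(EDGE_DIR),
        }
    return info


def unexpected_writes(records, events):
    """WriteProcessMemory targets that are not the writer's own direct child."""
    parent = build_tree(records)
    return [(w, t) for w, t in events if parent.get(t) != w]


def unsandboxed_children(records):
    """Children launched with --service-sandbox-type=none, sorted by pid."""
    return sorted(pid for pid, i in classify(records).items() if i["sandbox"] == "none")


def summarize(records, events):
    """The four things a triager wants from the tree, in one dict."""
    parent, info = build_tree(records), classify(records)
    return {
        "roots": [pid for pid in parent if parent[pid] is None],
        "unexpected_children": [pid for pid in parent
                                if parent[pid] is not None and not info[pid]["expected_child"]],
        "unexpected_writes": unexpected_writes(records, events),
        "unsandboxed": unsandboxed_children(records),
    }


if __name__ == "__main__":
    for key, value in summarize(PROCESSES, WPM_EVENTS).items():
        print(f"{key}: {value}")
```

On this report the script returns no unexpected children and no unexpected writes, and lists 536, 3928 and 4688 as the children running without a service sandbox. Feeding it a child whose binary sits outside the Edge directory, or a write into a process the browser did not spawn, is what makes it flag something, which is the distinction the raw signature counts above do not make.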
Network
MITRE ATT&CK Enterprise v15
Downloads

File 1
  Filesize: 152B
  MD5: 75c9f57baeefeecd6c184627de951c1e
  SHA1: 52e0468e13cbfc9f15fc62cc27ce14367a996cff
  SHA256: 648ba270261690bb792f95d017e134d81a612ef4fc76dc41921c9e5b8f46d98f
  SHA512: c4570cc4bb4894de3ecc8eee6cd8bfa5809ea401ceef683557fb170175ff4294cc21cdc6834db4e79e5e82d3bf16105894fff83290d26343423324bc486d4a15

File 2
  Filesize: 152B
  MD5: 10fa19df148444a77ceec60cabd2ce21
  SHA1: 685b599c497668166ede4945d8885d204fd8d70f
  SHA256: c3b5deb970d0f06a05c8111da90330ffe25da195aafa4e182211669484d1964b
  SHA512: 3518ce16fef66c59e0bdb772db51aeaa9042c44ca399be61ca3d9979351f93655393236711cf2b1988d5f90a5b9318a7569a8cef3374fc745a8f9aa8323691ef

File 3
  Filesize: 192B
  MD5: 0b7181a0c3a32055898b296a0eecbcba
  SHA1: d6da6b05720dfc6bcd19dc595a7743558ad81f64
  SHA256: f5c1971241b869140ecc6d339b92b861e4efcf3d32e041b583d3683a08ff2112
  SHA512: 691d613b292b9886783f48e5b8cc7a78678df2e7f09928132ff8126e57b9a1e315a3f2bceaf2d737212630b089c99e25848b0a4e4fc1d6db510bfa387cd5044e

File 4
  Filesize: 6KB
  MD5: ce3d4be20bbb0004ff925fb873e72448
  SHA1: b9b1068cb0b682abcb79176ee162bef040bf6f0e
  SHA256: 966e94ab651cd0f4312f773aff52f791db68072e8fbe1842bf347f1025e0ae14
  SHA512: 960dfc68a446e7c013fe5d777af3897f9acd58ab7e58bd123afe8e46ee9c971291b74ae280ce0bf8f626d2673dfd9bff6c39616839f56a288d3e7df86110b414

File 5
  Filesize: 6KB
  MD5: 21b41af11378ed617e6300d60dabcb6d
  SHA1: cc17beb9463e6ef2304983aec82c4dad3285aaef
  SHA256: bed4fc840557787de6d93949eef733f50ea318d8e5116e381595fb5a06a5909a
  SHA512: b36df681f36a5f6c94a4976641440946b06dc9dfe474562d01ce19734d3e352349690220fca5309f5b7bcacdf7740e2ca38a35d81ad2b61357c3d084116d745a

File 6
  Filesize: 6KB
  MD5: 29ff47ae74c498c53f9751372cf37271
  SHA1: fe14ccef50843e71fb43cc8d21808f51418d7870
  SHA256: e44a0a01d288d5ac5a6ff7d7398aefdb2f63689b29b9b95112133487f1835750
  SHA512: 27d3140d32fa1097088b7b1e5d62c2ff297f88301a18142624d01530288dee71dae2dcb5294530b26766d0dd6e91a54995d9ee80d3beeabcf6ac2cb9e217a49b

File 7
  Filesize: 16B
  MD5: 206702161f94c5cd39fadd03f4014d98
  SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

File 8
  Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

File 9
  Filesize: 11KB
  MD5: 51b57daf71ba4fea86dab09be76e9f14
  SHA1: 8abbd6696f41fc2538fa39854ca8f846ba9dc055
  SHA256: ade0905546d624d71afce7b530b68f348467a1777d050a0f736575d409aa7f21
  SHA512: 35db9d7dc8ad5e0c72da9d0f097f1625a3c324471d16f257aa0ce38c0818152149172120709e4b9c836c79d4953c00d751b190f497372c99680f75b490908cc3

The report gives sizes and digests for these nine files but no names or paths; all are small (16B to 11KB), and none is listed as an executable or as the origin of any signature above.