Analysis
- max time kernel: 149s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240709-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 11/07/2024, 11:27
Static task: static1
Behavioral task: behavioral1
- Sample: 38ecbfacef339b54989817914eb25142_JaffaCakes118.html
- Resource: win7-20240705-en
Behavioral task: behavioral2
- Sample: 38ecbfacef339b54989817914eb25142_JaffaCakes118.html
- Resource: win10v2004-20240709-en
General
- Target: 38ecbfacef339b54989817914eb25142_JaffaCakes118.html
- Size: 11KB
- MD5: 38ecbfacef339b54989817914eb25142
- SHA1: 34abe67357ddf6ae9edf6cbfe24f74c0abc0de6c
- SHA256: d8c30cc3a4d14e77a13730108dce55f964e139dede2e413b6186bf81d4d72bb1
- SHA512: de05a3d1461b8f0def4576411b8cc11de2ce027dc6ac7d1f15f088ce0c85010a4948408802e363b1493dc666e5206557cfa6f53d8cd3887b8723e00241899323
- SSDEEP: 192:2VTlIsr038d8k/w1wvqyYBU/nNYeFht01BLOXuBuLbdU8d:sTlIcu8f/gcYBU/nNYeFht0BLOXguLZ
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description / ioc / Process:
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid / Process:
  - 3092 msedge.exe (2 entries)
  - 2704 msedge.exe (2 entries)
  - 1712 msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
  pid / Process:
  - 2704 msedge.exe (3 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid / Process:
  - 2704 msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid / Process:
  - 2704 msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description / pid / Process / procid_target:
  - PID 2704 (msedge.exe) wrote to memory of 5008, procid_target 83 (2 entries)
  - PID 2704 (msedge.exe) wrote to memory of 2280, procid_target 85 (repeated entries)
  - PID 2704 (msedge.exe) wrote to memory of 3092, procid_target 86 (2 entries)
  - PID 2704 (msedge.exe) wrote to memory of 332, procid_target 87 (repeated entries)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2704)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\38ecbfacef339b54989817914eb25142_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5008)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdfd2d46f8,0x7ffdfd2d4708,0x7ffdfd2d4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2280)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,2847685362880096574,1531400681499947998,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3092)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,2847685362880096574,1531400681499947998,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 332)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,2847685362880096574,1531400681499947998,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4716)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2847685362880096574,1531400681499947998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1548)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2847685362880096574,1531400681499947998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2552)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2847685362880096574,1531400681499947998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4272 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1712)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,2847685362880096574,1531400681499947998,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 1552)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 4204)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 584971c8ba88c824fd51a05dddb45a98
  SHA1: b7c9489b4427652a9cdd754d1c1b6ac4034be421
  SHA256: e2d8de6c2323bbb3863ec50843d9b58a22e911fd626d31430658b9ea942cd307
  SHA512: 5dbf1a4631a04d1149d8fab2b8e0e43ccd97b7212de43b961b9128a8bf03329164fdeb480154a8ffea5835f28417a7d2b115b8bf8d578d00b13c3682aa5ca726
- Filesize: 152B
  MD5: b28ef7d9f6d74f055cc49876767c886c
  SHA1: d6b3267f36c340979f8fc3e012fdd02c468740bf
  SHA256: fa6804456884789f4bdf9c3f5a4a8f29e0ededde149c4384072f3d8cc85bcc37
  SHA512: 491f893c8f765e5d629bce8dd5067cef4e2ebc558d43bfb05e358bca43e1a66ee1285519bc266fd0ff5b5e09769a56077b62ac55fa8797c1edf6205843356e75
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 168B
  MD5: ab4de8f4f39fc3c2cf2ca8eb27aabd99
  SHA1: a31d74ae4d395a52d1995138886677f0363a1d43
  SHA256: b22f9a32536ed8725b5adf8deec3239b7bf50783142d7a35c6ba17032475b55f
  SHA512: 89a59905f2ebcb77c5b84e6315d975ed30f7b850d34cd8cb3c8d260083892052a1ccd40326857a7379a45879a9cb2f94ece0a223861e5626ec3c38cd8d4befeb
- Filesize: 111B
  MD5: 807419ca9a4734feaf8d8563a003b048
  SHA1: a723c7d60a65886ffa068711f1e900ccc85922a6
  SHA256: aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
  SHA512: f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c
- Filesize: 6KB
  MD5: f268c278a896da76bb6e94147ddb19cd
  SHA1: 1580dee9e9b61c17551a28738c508d68bdc6fea1
  SHA256: 91897e2924609a84fa63a916ef6f3bd4523566efadfbb936f7ff3b6aa63be90c
  SHA512: ae527309222c0cc4a2fb55d608c66a2bb121a6ebf26448e031e76ff9c013a6a920fa0b5397ae5bcc44fda38e50f68e90fbebd0631550fb90eee42d7c7d62e775
- Filesize: 6KB
  MD5: 87a460d634e3ba1c77cd76c3000b82df
  SHA1: 4c1fdab636ac1e9677643e42aae726d06a8096a7
  SHA256: 74808185c1afd7c24db5cb1795f2b71114e272175ddd4306153ed8dd208e326a
  SHA512: c40526383ce4aae2cd89e9d9933e320b64caa4a1a39d94cfed8a656e03ad29f6da54612d9cc8297f4746b3b52655552cfd51fd779582092b1ed4b05795a353a1
- Filesize: 11KB
  MD5: 244e678cc60f73af74090e8dc1e0a574
  SHA1: 93e78e83cc6613edfacd50648f8888ae8f431070
  SHA256: 60ff05283f687df0db9ca21230f4cd8d666a714e0ef2db97a3fdcade3783dafc
  SHA512: a6992538264b8e8a14ed8a26b32f35e1666f98a56f126c5aa79e1e952fe36d8a294da3b0d60251d8e80dde6540d6eac5e16a0d2d3183f49bbcfb100a3e844bcd