Analysis
max time kernel: 145s
max time network: 148s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 14/07/2024, 23:01
Static task: static1
Behavioral task: behavioral1
Sample: 4727b5ec56fdc646d4a94d662581fd7a_JaffaCakes118.html
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 4727b5ec56fdc646d4a94d662581fd7a_JaffaCakes118.html
Resource: win10v2004-20240709-en
General
Target: 4727b5ec56fdc646d4a94d662581fd7a_JaffaCakes118.html
Size: 121KB
MD5: 4727b5ec56fdc646d4a94d662581fd7a
SHA1: 83e96ac2fa2af9cecf61fa19cf691a275a7f1bea
SHA256: 60a2e95d708b43bdfc043a9a3bd737e6c8ef8a3a482dcd248525d868d5ebfa28
SHA512: 38bb1a3c9c808dfebcbb3fefc13d5a86db048e3e5108407e6deaebb2d6cd9632e77b8d523d4a02d384e3f2f249d8bc78991c9879786c7fec84aabe04da386b31
SSDEEP: 1536:aKIBtMEFrm8slKIzeFjNI2g3tUdvpNxSfX59u:aKIc2rjslKIltU5pj9
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                    Process
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe

- Suspicious behavior: EnumeratesProcesses (8 IoCs)
pid   Process
4004  msedge.exe (2 IoCs)
2128  msedge.exe (2 IoCs)
1472  msedge.exe (4 IoCs)

- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (5 IoCs)
pid   Process
2128  msedge.exe (5 IoCs)

- Suspicious use of FindShellTrayWindow (25 IoCs)
pid   Process
2128  msedge.exe (25 IoCs)

- Suspicious use of SendNotifyMessage (24 IoCs)
pid   Process
2128  msedge.exe (24 IoCs)

- Suspicious use of WriteProcessMemory (64 IoCs; the page repeats each row, repeats collapsed here)
description                       pid   Process     procid_target
PID 2128 wrote to memory of 4520  2128  msedge.exe  83
PID 2128 wrote to memory of 2680  2128  msedge.exe  84
PID 2128 wrote to memory of 4004  2128  msedge.exe  85
PID 2128 wrote to memory of 1268  2128  msedge.exe  86
Processes
[1] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4727b5ec56fdc646d4a94d662581fd7a_JaffaCakes118.html
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID: 2128

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc7ad46f8,0x7ffdc7ad4708,0x7ffdc7ad4718
      PID: 4520

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,14072319543463557636,1614611301163900781,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
      PID: 2680

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,14072319543463557636,1614611301163900781,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses
      PID: 4004

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,14072319543463557636,1614611301163900781,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
      PID: 1268

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14072319543463557636,1614611301163900781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
      PID: 4216

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14072319543463557636,1614611301163900781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
      PID: 3772

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14072319543463557636,1614611301163900781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
      PID: 3376

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14072319543463557636,1614611301163900781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4248 /prefetch:1
      PID: 1664

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14072319543463557636,1614611301163900781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3692 /prefetch:1
      PID: 1404

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,14072319543463557636,1614611301163900781,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses
      PID: 1472

[1] C:\Windows\System32\CompPkgSrv.exe
    Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
    PID: 5080

[1] C:\Windows\System32\CompPkgSrv.exe
    Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
    PID: 2316
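The WriteProcessMemory signature and the process tree above can be cross-checked mechanically. The Python below is an added example, not part of the Triage report or of Triage's own tooling: it parses the flattened "wrote to memory of" rows, collapses the repeated lines, and checks each target PID against the process list. In this report every target (4520, 2680, 4004 and 1268) is another msedge.exe spawned by the browser process 2128, which is the normal start-up pattern for a Chromium-family browser (the browser process writes start-up data into the helper processes it just created), so the "suspicious" label carries no weight on its own. A write into a process running a different image, or into a PID that is absent from the tree, is what injection would look like, and that is the case the check flags. The sample rows and the pid-to-image map are constructed from the report text; the extra row into CompPkgSrv.exe (PID 5080) used in the demonstration is hypothetical and does not appear in the report.

```python
import re
from collections import Counter

# Row format as rendered on the report page:
#   "PID <writer> wrote to memory of <target> <writer> <writer image> <procid_target>"
ROW_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")

# Constructed sample: the distinct WriteProcessMemory rows from the report above
# (the page repeats each row many times; the parser collapses the duplicates).
WRITE_ROWS = """\
PID 2128 wrote to memory of 4520 2128 msedge.exe 83
PID 2128 wrote to memory of 4520 2128 msedge.exe 83
PID 2128 wrote to memory of 2680 2128 msedge.exe 84
PID 2128 wrote to memory of 2680 2128 msedge.exe 84
PID 2128 wrote to memory of 4004 2128 msedge.exe 85
PID 2128 wrote to memory of 1268 2128 msedge.exe 86
"""

# Constructed sample: pid -> image name, taken from the report's process tree.
PROCESSES = {
    2128: "msedge.exe", 4520: "msedge.exe", 2680: "msedge.exe", 4004: "msedge.exe",
    1268: "msedge.exe", 4216: "msedge.exe", 3772: "msedge.exe", 3376: "msedge.exe",
    1664: "msedge.exe", 1404: "msedge.exe", 1472: "msedge.exe",
    5080: "CompPkgSrv.exe", 2316: "CompPkgSrv.exe",
}

# Hypothetical row, NOT in the report: what a write into a foreign process would look like.
HYPOTHETICAL_INJECTION_ROW = "PID 2128 wrote to memory of 5080 2128 msedge.exe 90\n"


def parse_write_rows(text):
    """Return a Counter mapping (writer_pid, target_pid, writer_image) -> number of rows."""
    edges = Counter()
    for line in text.splitlines():
        m = ROW_RE.search(line)
        if not m:
            continue  # not a WriteProcessMemory row; ignore
        writer, target, _writer_again, image, _procid_target = m.groups()
        edges[(int(writer), int(target), image)] += 1
    return edges


def classify_writes(edges, processes):
    """Split memory-write edges into expected self-spawn writes and anomalies.

    Expected: the writer and the target run the same image and the target exists
    in the tree (a browser process populating its own helper processes).
    Anomalous: the target runs a different image, or is not in the tree at all.
    """
    result = {"expected": [], "anomalous": []}
    for (writer, target, image), n in sorted(edges.items()):
        target_image = processes.get(target)
        record = {"writer": writer, "target": target,
                  "target_image": target_image, "rows": n}
        if target_image == image and writer != target:
            result["expected"].append(record)
        else:
            result["anomalous"].append(record)
    return result


def summarize(text, processes):
    """Parse rows from the report text and classify them against the process list."""
    return classify_writes(parse_write_rows(text), processes)


if __name__ == "__main__":
    verdict = summarize(WRITE_ROWS, PROCESSES)
    print(f"expected self-spawn writes: {len(verdict['expected'])}, "
          f"anomalous: {len(verdict['anomalous'])}")
    # Re-run with the hypothetical foreign-process write appended to show the flagging path.
    for rec in summarize(WRITE_ROWS + HYPOTHETICAL_INJECTION_ROW, PROCESSES)["anomalous"]:
        print("ANOMALY:", rec)
```

Run it against the report's rows and every edge lands under "expected"; only the appended hypothetical row into CompPkgSrv.exe is reported as an anomaly. The same check generalises to any Triage report: paste the signature rows and the pid/image pairs from the process tree, and anything outside the parent-to-same-image pattern is the row worth reading closely.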
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 6c86c838cf1dc704d2be375f04e1e6c6
  SHA1: ad2911a13a3addc86cc46d4329b2b1621cbe7e35
  SHA256: dff0886331bb45ec7711af92ab10be76291fde729dff23ca3270c86fb6e606bb
  SHA512: a120248263919c687f09615fed56c7cac825c8c93c104488632cebc1abfa338c39ebdc191e5f0c45ff30f054f08d4c02d12b013de6322490197606ce0c0b4f37

- Filesize: 152B
  MD5: 27f3335bf37563e4537db3624ee378da
  SHA1: 57543abc3d97c2a2b251b446820894f4b0111aeb
  SHA256: 494425284ba12ee2fb07890e268be7890b258e1b1e5ecfa4a4dbc3411ab93b1a
  SHA512: 2bef861f9d2d916272f6014110fdee84afced515710c9d69b3c310f6bf41728d1b2d41fee3c86441ff96c08c7d474f9326e992b9164b9a3f13627f7d24d0c485

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\768d87db-545e-4744-b71d-10fc959687b7.tmp
  Filesize: 6KB
  MD5: df4a899914e526df78f5f1b8040eb0dd
  SHA1: e4f0b97b099925e508f7859db4fd30b2d30a8c12
  SHA256: be60a162a5482f1165f4822180e22a7e34706a92d8a4349fd52b66ec189d03c7
  SHA512: 24d1e90901334befda6ccc6e8160be69f9a44d6c83c77554bef0ead6d79eaa3e5d94feb2b4ab89c6b0d037d6a5a9e782cd75cbbc2476a54b88056b7043cc17c7

- Filesize: 6KB
  MD5: 4077b16e8a01eff872f82cd57c39aa20
  SHA1: f60f3937ce5902504fbbeb47e50c849f92399c5d
  SHA256: df82c28fbdb00f224e08f5a71cc2aaafe182d5692d0d643cc598fcb78e90d319
  SHA512: 9a04ca6b7d25e06b6b833dc6b61053a4a902ef6afda0d0022225e66c07dfa56c0da932d4c46f943fe27351973e619e584559d65ef483376bac179baa6f52fa07

- Filesize: 11KB
  MD5: 5da542f9591f34d1b1cd0db469325791
  SHA1: 3cd4f8a92b6f972b5e18f442cfe0b113d2b1fe80
  SHA256: cbb1eee2c678b1aedf4ff55555d7709e19435019f482a3b247203cb3409fabbf
  SHA512: 62211b0fc8e7d5f9c0a778dcef8475e149e5d94aeda61555e0c8ae72c2f399eb9a57715be072613e854b7330a164fa59a9f98d98585c539f6ea96e2c3d04da47