Analysis
max time kernel: 148s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 14/07/2024, 08:59

Static task: static1
Behavioral task: behavioral1
  Sample: 4524a9ab3bf4ad45920e4fc4c4205393_JaffaCakes118.html
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: 4524a9ab3bf4ad45920e4fc4c4205393_JaffaCakes118.html
  Resource: win10v2004-20240709-en
General
Target: 4524a9ab3bf4ad45920e4fc4c4205393_JaffaCakes118.html
Size: 36KB
MD5: 4524a9ab3bf4ad45920e4fc4c4205393
SHA1: 80ff1902972318bdc1323c8b4a43c8b083e22688
SHA256: 382528ae91ab91599be74f76a7af58aa9dfdc3c1df452de2ddb18954fefc1ba3
SHA512: f43d71e0e62be5c1c61ea6b0c2b2f1aaf15ac9bc64364215da72a2a558f31880957e630bfb7b3fdeddc665b7c1eec1acbec308060eefd08d2c0d3a62ad83b62b
SSDEEP: 768:zwx/MDTH1d88hARqZPXBE1XnXrFLxNLlDNoPqkPTHlnkM3Gr6TyZO36u3l56lLR8:Q/nbJxNVFufSI/S8oK
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                   Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process              entries
  3516  msedge.exe           2
  3528  msedge.exe           2
  2804  identity_helper.exe  2
  2440  msedge.exe           4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process     entries
  3528  msedge.exe  6
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process     entries
  3528  msedge.exe  25
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process     entries
  3528  msedge.exe  24
- Suspicious use of WriteProcessMemory (64 IoCs; the report repeats each row many times, distinct rows shown)
  description                       pid   Process     procid_target
  PID 3528 wrote to memory of 4892  3528  msedge.exe  83
  PID 3528 wrote to memory of 3180  3528  msedge.exe  85
  PID 3528 wrote to memory of 3516  3528  msedge.exe  86
  PID 3528 wrote to memory of 2640  3528  msedge.exe  87
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3528)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4524a9ab3bf4ad45920e4fc4c4205393_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Children:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4892)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b8ca46f8,0x7ff9b8ca4708,0x7ff9b8ca4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3180)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,15048886487702610401,9764162527750602827,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3516)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,15048886487702610401,9764162527750602827,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2640)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,15048886487702610401,9764162527750602827,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2860)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15048886487702610401,9764162527750602827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2096)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15048886487702610401,9764162527750602827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1620)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,15048886487702610401,9764162527750602827,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2804)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,15048886487702610401,9764162527750602827,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 396)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15048886487702610401,9764162527750602827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2668)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15048886487702610401,9764162527750602827,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3200)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15048886487702610401,9764162527750602827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1652)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15048886487702610401,9764162527750602827,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2228 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2440)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,15048886487702610401,9764162527750602827,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2660 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 4504)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 2484)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 2f842025e22e522658c640cfc7edc529
  SHA1: 4c2b24b02709acdd159f1b9bbeb396e52af27033
  SHA256: 1191573f2a7c12f0b9b8460e06dc36ca5386305eb8c883ebbbc8eb15f4d8e23e
  SHA512: 6e4393fd43984722229020ef662fc5981f253de31f13f30fadd6660bbc9ededcbfd163f132f6adaf42d435873322a5d0d3eea60060cf0e7f2e256262632c5d05
- Filesize: 152B
  MD5: 54aadd2d8ec66e446f1edb466b99ba8d
  SHA1: a94f02b035dc918d8d9a46e6886413f15be5bff0
  SHA256: 1971045943002ef01930add9ba1a96a92ddc10d6c581ce29e33c38c2120b130e
  SHA512: 7e077f903463da60b5587aed4f5352060df400ebda713b602b88c15cb2f91076531ea07546a9352df772656065e0bf27bd285905a60f036a5c5951076d35e994
- Filesize: 614B
  MD5: 6d32c7cc1106b7856b57ee2b6e2d6947
  SHA1: 33c9679b5a65d89a2e9657c9c2432aaf73a8dc88
  SHA256: d919563fcd1a7db37f8dbbc62a8afc408ffe3d827fcbb8cc1becdbf16aeec048
  SHA512: 5d11065ae2323ec8076b65fa8982edbc7f2377521874a67eb620d6c48321c757cbef282bfc1dd0a7a71c2d13fb5b5dc3d6710dae59231d83626405fc8d002463
- Filesize: 6KB
  MD5: 008fab5954a44a5c61d2280de5111d91
  SHA1: 85d9f7f9d798cfb4c8367bda9d3f98d9eb7e7031
  SHA256: 189d364e14fbc9f58160ae7432907779205bbc474e0156da0213ceb77f1ecb4d
  SHA512: 7d36ccf729fe3de57d2f892f0ab32f287623e5d42381e09eac21e94e94e92a46b09c43ee35cc31fadac97fd48b4037131f78ae64d0833827e60f12b96190367d
- Filesize: 6KB
  MD5: 019e9d9b1ce136f93a40fb905ebf62ac
  SHA1: d290f03eba5d2cd6c11c4aa63778ec9638a889d4
  SHA256: e7631011ffa27dbc197a83be01be2e38d9c1d3aca7b8ca9c19f527d1f103a37f
  SHA512: 43abe47c2a9bafa1a9627365fd3a3ef3ae841819579d3f15759981f57b468f5d121449141ee97f508c1aadb5668add309ee5f1e4592198a6a2660fec52f07f12
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: 38f4c3be7839be55df6f0360b2e7b138
  SHA1: 6e388af66b0c12d0f3bbf48afd4e2d530eda4df7
  SHA256: 4694cfd3c97134672d0c8e8abb556e8316d8d0ba8b2be52003c7800951868e9e
  SHA512: 3df5b7b08e5c43529beac5333ae675bdbc52ad64efe7f3ab430f7e450b9ab04a01a65bbd1524533545800e99dc17106fe877f82a536e3e523113d7b05f0a69b1