Analysis
max time kernel: 145s
max time network: 125s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 15/07/2024, 15:25
Static task: static1
Behavioral task: behavioral1
  Sample: 4a42a4f7e2e71c151e47476a41fc30db_JaffaCakes118.html
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: 4a42a4f7e2e71c151e47476a41fc30db_JaffaCakes118.html
  Resource: win10v2004-20240709-en
The signatures, process tree and dropped files below are from behavioral2 (platform windows10-2004_x64, resource win10v2004-20240709-en, as listed under Analysis).
General
Target: 4a42a4f7e2e71c151e47476a41fc30db_JaffaCakes118.html
Size: 3KB
MD5: 4a42a4f7e2e71c151e47476a41fc30db
SHA1: 05113f57429e032ab582bf48613ef1a1c6328a2e
SHA256: a5f18475661d85f214a02f5ed2ade6f7878314e58127e9f525e6fc8ead5e1a20
SHA512: e94f58a21beb908cffd0dc3f9a668d5f39f3a6676b3a4a3eaa59bbe9fb01a18ee5ec69af6075d07cbb844c1769ee93dfbf204c7b0329bdbd230f133d6659dd5b
Malware Config
(none extracted)
Signatures
Every indicator in this section is raised by the browser's own processes (msedge.exe and identity_helper.exe); no process outside the Edge process tree appears in any signature. Read against Chromium's process model, these are the behaviours Edge exhibits when it opens any local HTML file rather than behaviours attributable to the 3KB sample: the BIOS manufacturer/product queries are browser hardware telemetry, the WriteProcessMemory events are the sandbox broker initialising the child processes it has just launched, NtCreateUserProcessBlockNonMicrosoftBinary is the code-integrity mitigation Edge sets on those children, and FindShellTrayWindow/SendNotifyMessage are ordinary shell and taskbar interaction from a GUI process. None of them indicates that the HTML file escaped the renderer or spawned anything.

Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                    Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid   Process
1368  msedge.exe (x2)
4412  msedge.exe (x2)
3172  identity_helper.exe (x2)
1884  msedge.exe (x4)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid   Process
4412  msedge.exe (x6)

Suspicious use of FindShellTrayWindow (25 IoCs)
pid   Process
4412  msedge.exe (x25)

Suspicious use of SendNotifyMessage (24 IoCs)
pid   Process
4412  msedge.exe (x24)

Suspicious use of WriteProcessMemory (64 IoCs)
description                       pid   Process     procid_target
PID 4412 wrote to memory of 1460  4412  msedge.exe  83
PID 4412 wrote to memory of 4384  4412  msedge.exe  84
PID 4412 wrote to memory of 1368  4412  msedge.exe  85
PID 4412 wrote to memory of 4832  4412  msedge.exe  86
All 64 events originate from PID 4412 (the main browser process); the four target PIDs are its crashpad handler, GPU process, network service and storage service in the process list below, and the list is capped at 64 entries, so later children (renderers, identity_helper.exe) are not shown.
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4a42a4f7e2e71c151e47476a41fc30db_JaffaCakes118.html
  PID: 4412
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbc55146f8,0x7ffbc5514708,0x7ffbc5514718
    PID: 1460
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1836,10503913182264584924,5022469725096383398,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
    PID: 4384
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1836,10503913182264584924,5022469725096383398,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2548 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
    PID: 1368
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1836,10503913182264584924,5022469725096383398,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
    PID: 4832
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,10503913182264584924,5022469725096383398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
    PID: 1292
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,10503913182264584924,5022469725096383398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
    PID: 2096
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,10503913182264584924,5022469725096383398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
    PID: 2400
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1836,10503913182264584924,5022469725096383398,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 /prefetch:8
    PID: 1096
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1836,10503913182264584924,5022469725096383398,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
    PID: 3172
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,10503913182264584924,5022469725096383398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
    PID: 4992
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,10503913182264584924,5022469725096383398,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
    PID: 4548
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,10503913182264584924,5022469725096383398,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
    PID: 4268
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1836,10503913182264584924,5022469725096383398,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
    PID: 1884
    (A second GPU process, relaunched with --disable-gpu-sandbox --use-gl=disabled after the first one, PID 4384; this is Chromium's software-rendering fallback on a VM without usable GPU acceleration.)
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1720
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3224
(The two CompPkgSrv.exe instances are COM servers activated with -Embedding at the top level of the tree, not children of the browser process.)
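The whole triage question for a report like this is whether any of the flagged signatures point at something other than the browser's own process model: did PID 4412 ever write into, or launch, a process that is not a Chromium child? The script below is an added example, not tria.ge's code, that answers that from the report text. It takes a constructed excerpt of the process list (command lines shortened from the ones above, with the --field-trial-handle and --gpu-preferences blobs dropped) and of the flattened "Suspicious use of WriteProcessMemory" IoC text from the Signatures section, parses each command line for the image name and Chromium's --type/--utility-sub-type flags, builds the writer-to-target map, and flags any write target or top-level process that is not msedge.exe/identity_helper.exe running as a browser child. The function names (parse_cmdline, classify, parse_wpm, triage) and the role labels are the example's own.

```python
import re
from collections import defaultdict

# Constructed excerpt of the report's process list (PID -> command line).
# Command lines are shortened copies of those shown in the report; the long
# --field-trial-handle / --gpu-preferences blobs are omitted.
EDGE = r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"'
HELPER = r'"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"'
PROCESSES = {
    4412: EDGE + r" --single-argument C:\Users\Admin\AppData\Local\Temp\4a42a4f7e2e71c151e47476a41fc30db_JaffaCakes118.html",
    1460: EDGE + " --type=crashpad-handler /prefetch:7",
    4384: EDGE + " --type=gpu-process --mojo-platform-channel-handle=2052 /prefetch:2",
    1368: EDGE + " --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none /prefetch:3",
    4832: EDGE + " --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility /prefetch:8",
    1292: EDGE + " --type=renderer --renderer-client-id=6 /prefetch:1",
    3172: HELPER + " --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService /prefetch:8",
    1720: r"C:\Windows\System32\CompPkgSrv.exe -Embedding",
}

# Constructed excerpt of the "Suspicious use of WriteProcessMemory" IoC text,
# in the flattened "PID <writer> wrote to memory of <target> <pid> <image> <idx>" form.
WPM_IOCS = (
    "PID 4412 wrote to memory of 1460 4412 msedge.exe 83 "
    "PID 4412 wrote to memory of 4384 4412 msedge.exe 84 "
    "PID 4412 wrote to memory of 4384 4412 msedge.exe 84 "
    "PID 4412 wrote to memory of 1368 4412 msedge.exe 85 "
    "PID 4412 wrote to memory of 4832 4412 msedge.exe 86"
)

_IMAGE_RE = re.compile(r'^\s*(?:"([^"]+)"|(\S+))')  # quoted or bare image path
_WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\d+)")


def parse_cmdline(cmdline):
    """Return (image basename, Chromium --type, --utility-sub-type) for one command line."""
    m = _IMAGE_RE.match(cmdline)
    image = m.group(1) or m.group(2)
    basename = image.rsplit("\\", 1)[-1].lower()
    ptype = re.search(r"--type=(\S+)", cmdline)
    subtype = re.search(r"--utility-sub-type=(\S+)", cmdline)
    return basename, (ptype.group(1) if ptype else None), (subtype.group(1) if subtype else None)


def classify(cmdline):
    """Label a process by what Chromium's own process model says it should be."""
    basename, ptype, subtype = parse_cmdline(cmdline)
    if basename == "msedge.exe":
        if ptype is None:
            return "browser"                      # the main process, launched with the sample path
        return f"browser-child:{ptype}" + (f"/{subtype}" if subtype else "")
    if basename == "identity_helper.exe":
        return f"browser-child:{ptype}/{subtype}"
    if basename == "comppkgsrv.exe" and "-Embedding" in cmdline:
        return "com-server"                       # DCOM activation, not a child of the browser
    return "non-browser"                          # anything else would be worth a closer look


def parse_wpm(text):
    """Parse the flattened WriteProcessMemory IoC list into {writer_pid: {target_pid: count}}."""
    edges = defaultdict(lambda: defaultdict(int))
    for writer, target, _image, _idx in _WPM_RE.findall(text):
        edges[int(writer)][int(target)] += 1
    return edges


def triage(processes, wpm_text):
    """Join the process list with the WriteProcessMemory targets and report anything unexpected."""
    roles = {pid: classify(cmd) for pid, cmd in processes.items()}
    edges = parse_wpm(wpm_text)
    unexpected = []
    for writer, targets in edges.items():
        for target in targets:
            role = roles.get(target, "unknown")   # a target missing from the tree is also suspicious
            if not role.startswith("browser-child:"):
                unexpected.append((writer, target, role))
    non_browser = sorted(pid for pid, role in roles.items() if role == "non-browser")
    return {
        "roles": roles,
        "write_targets": {w: dict(t) for w, t in edges.items()},
        "unexpected_write_targets": unexpected,
        "non_browser_processes": non_browser,
        "sample_spawned_process": bool(non_browser) or bool(unexpected),
    }


if __name__ == "__main__":
    result = triage(PROCESSES, WPM_IOCS)
    for pid, role in sorted(result["roles"].items()):
        print(f"{pid:>5}  {role}")
    print("write targets:", result["write_targets"])
    print("unexpected write targets:", result["unexpected_write_targets"])
    print("sample spawned a process outside the browser:", result["sample_spawned_process"])
```

On this report the script reports no non-browser process and no write target outside the browser's own children, which is the concrete basis for treating the six signatures as Edge baseline rather than sample behaviour. The same check would light up immediately on an HTML sample that did break out: a target PID whose command line is not a Chromium child, or a top-level process that is neither the browser nor a COM server.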
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 1f9d180c0bcf71b48e7bc8302f85c28f
  SHA1: ade94a8e51c446383dc0a45edf5aad5fa20edf3c
  SHA256: a17d56c41d524453a78e3f06e0d0b0081e79d090a4b75d0b693ddbc39f6f7fdc
  SHA512: 282863df0e51288049587886ed37ad1cf5b6bfeed86454ea3b9f2bb7f0a1c591f3540c62712ebfcd6f1095e1977446dd5b13b904bb52b6d5c910a1efc208c785
- Filesize: 152B
  MD5: 60ead4145eb78b972baf6c6270ae6d72
  SHA1: e71f4507bea5b518d9ee9fb2d523c5a11adea842
  SHA256: b9e99e7387a915275e8fe4ac0b0c0cd330b4632814d5c9c446beb2755f1309a7
  SHA512: 8cdbafd2783048f5f54f22e13f6ef890936d5b986b0bb3fa86d2420a5bfecf7bedc56f46e6d5f126eae79f492315843c134c441084b912296e269f384a73ccde
- Filesize: 6KB
  MD5: 0e27b32009f0a54465daa2cabaf09d40
  SHA1: 9779eee3dbfc404329dfb69ad8b4c85fd2e527f3
  SHA256: e96b281429ca824a7c285fa4618373a5b28baffcd6177ab2351a9f8a75ed4863
  SHA512: 62e353073f6fa0cf10f0c4235be70e5aec508a9cf6dc5c19cb1f7c36312e84b78358da92a5a04e90d273ca0e381c19d1cae85a55327907a5c179f058cd3cb8c1
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a84927e8-df8d-490c-9afc-9d369628d6a1.tmp
  Filesize: 6KB
  MD5: cd1ea48af688172dfaf609098d20f385
  SHA1: c8962c5459f49050b96a37729c62e8f8a86a0aec
  SHA256: f724e90bcda9a94658fa485b471bce74183dcf0adc2401f2840c8149273c9925
  SHA512: 13f23e39060130bea6f66fe223400105257106e628a4b931e26e230093cbd0069dd81c7c88fb5b351ddaca2f10d110964f353c9791eeb49abcf50f822c460f01
- Filesize: 16B
  MD5: 206702161f94c5cd39fadd03f4014d98
  SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
- Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
- Filesize: 11KB
  MD5: 0322d293e79d0f94b80f7e3f011928d3
  SHA1: 59706d40b2eaf7ff88fd9d6c3a4b650a132c2fea
  SHA256: e8175e6030df908af812f8ef467dff695a9f7894121555dee7f4ac8973f6a72b
  SHA512: f940c74044297d097e52fdefea056a2435d02bbcf3ba99f6c9260df8f63924a4ae8e17b926f2c9b496aa656817f607ec0d10e0bcfd9579f1bccdc44de23d29f9
The only file with a path shown is a .tmp under the Edge profile directory (User Data\Default); the report lists no path for the others. Nothing here is written outside the browser's profile, which is consistent with the process tree above.