Analysis
- max time kernel: 149s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20240709-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 16/07/2024, 01:59
Static task: static1
Behavioral task: behavioral1
- Sample: 4c59d6f838caa709f3c61b01ed1d1bdc_JaffaCakes118.html
- Resource: win7-20240704-en
Behavioral task: behavioral2
- Sample: 4c59d6f838caa709f3c61b01ed1d1bdc_JaffaCakes118.html
- Resource: win10v2004-20240709-en
General
- Target: 4c59d6f838caa709f3c61b01ed1d1bdc_JaffaCakes118.html
- Size: 123KB
- MD5: 4c59d6f838caa709f3c61b01ed1d1bdc
- SHA1: ac3e84ebff62959da84e56ec927ecb58f4020bfb
- SHA256: 61a36296b27467e85fa024c2f33c9205f1ca1cd9be0be5f582f5604782003c67
- SHA512: bacdde3b3f406da36306f6978daf836ad4602dede15eb0834e1054f21894913f9ccab6e25f27c301f1ed7fd02035934fd07808a209418283416abcc9cdea7701
- SSDEEP: 1536:TZ6KBjQhVkA8PBxSRgW+VritJS2CmbFwa+B/:sKS567srdPvG
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid | Process
  4420 | msedge.exe
  1768 | msedge.exe
  4820 | msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (5 IoCs)
  pid | Process
  1768 | msedge.exe
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  1768 | msedge.exe
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  1768 | msedge.exe
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 1768 wrote to memory of 4536 | 1768 | msedge.exe | 83
  PID 1768 wrote to memory of 1852 | 1768 | msedge.exe | 84
  PID 1768 wrote to memory of 4420 | 1768 | msedge.exe | 85
  PID 1768 wrote to memory of 536 | 1768 | msedge.exe | 86
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4c59d6f838caa709f3c61b01ed1d1bdc_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1768
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb261046f8,0x7ffb26104708,0x7ffb26104718
    PID:4536
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,17931999186452546948,14199310260198244835,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
    PID:1852
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,17931999186452546948,14199310260198244835,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
    PID:4420
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,17931999186452546948,14199310260198244835,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
    PID:536
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17931999186452546948,14199310260198244835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
    PID:4228
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17931999186452546948,14199310260198244835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
    PID:3416
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17931999186452546948,14199310260198244835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
    PID:3812
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17931999186452546948,14199310260198244835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1
    PID:2196
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17931999186452546948,14199310260198244835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
    PID:3960
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,17931999186452546948,14199310260198244835,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3948 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
    PID:4820
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID:3356
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID:2908
Network
MITRE ATT&CK Enterprise v15
Downloads