Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 145s
- max time network: 139s
- platform: windows10-2004_x64
- resource: win10v2004-20240709-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25/07/2024, 19:46
Static task: static1
Behavioral task: behavioral1
- Sample: 70f8ab658f5266aaf76e329143aa53b6_JaffaCakes118.html
- Resource: win7-20240704-en
Behavioral task: behavioral2
- Sample: 70f8ab658f5266aaf76e329143aa53b6_JaffaCakes118.html
- Resource: win10v2004-20240709-en
General
- Target: 70f8ab658f5266aaf76e329143aa53b6_JaffaCakes118.html
- Size: 1KB
- MD5: 70f8ab658f5266aaf76e329143aa53b6
- SHA1: a2f7b931947935d13556387b39c7bf2fcc62627e
- SHA256: e785e32a889e7154446496c0a7b91febd28d1d630ef183a8f4b9993b296b4db8
- SHA512: 11962461a1a85b92f019713e6db063a885fd5946c51167eba917f7c36395e65e7a2f61c007979003f245adc9e62ffad027c443d1cdfd68bc7d82d68307bfa5dd
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  2956  msedge.exe (2 entries)
  4284  msedge.exe (2 entries)
  1656  identity_helper.exe (2 entries)
  1800  msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process
  4284  msedge.exe (6 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  4284  msedge.exe (all 25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  4284  msedge.exe (all 24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs; rows repeated in the original are listed once)
  description                        pid   Process     procid_target
  PID 4284 wrote to memory of 2056   4284  msedge.exe  84
  PID 4284 wrote to memory of 3948   4284  msedge.exe  85
  PID 4284 wrote to memory of 2956   4284  msedge.exe  86
  PID 4284 wrote to memory of 4360   4284  msedge.exe  87
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\70f8ab658f5266aaf76e329143aa53b6_JaffaCakes118.html
  PID: 4284
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc8dd046f8,0x7ffc8dd04708,0x7ffc8dd04718
    PID: 2056
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,16579019731419280330,1295600177988808891,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
    PID: 3948
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,16579019731419280330,1295600177988808891,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 /prefetch:3
    PID: 2956
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,16579019731419280330,1295600177988808891,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
    PID: 4360
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,16579019731419280330,1295600177988808891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
    PID: 2024
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,16579019731419280330,1295600177988808891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
    PID: 2384
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,16579019731419280330,1295600177988808891,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
    PID: 4428
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,16579019731419280330,1295600177988808891,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
    PID: 1656
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,16579019731419280330,1295600177988808891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
    PID: 3008
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,16579019731419280330,1295600177988808891,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2260 /prefetch:1
    PID: 5088
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,16579019731419280330,1295600177988808891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
    PID: 380
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,16579019731419280330,1295600177988808891,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
    PID: 4540
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,16579019731419280330,1295600177988808891,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3388 /prefetch:2
    PID: 1800
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2408
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 960
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 6c86c838cf1dc704d2be375f04e1e6c6
  SHA1: ad2911a13a3addc86cc46d4329b2b1621cbe7e35
  SHA256: dff0886331bb45ec7711af92ab10be76291fde729dff23ca3270c86fb6e606bb
  SHA512: a120248263919c687f09615fed56c7cac825c8c93c104488632cebc1abfa338c39ebdc191e5f0c45ff30f054f08d4c02d12b013de6322490197606ce0c0b4f37
- Filesize: 152B
  MD5: 27f3335bf37563e4537db3624ee378da
  SHA1: 57543abc3d97c2a2b251b446820894f4b0111aeb
  SHA256: 494425284ba12ee2fb07890e268be7890b258e1b1e5ecfa4a4dbc3411ab93b1a
  SHA512: 2bef861f9d2d916272f6014110fdee84afced515710c9d69b3c310f6bf41728d1b2d41fee3c86441ff96c08c7d474f9326e992b9164b9a3f13627f7d24d0c485
- Filesize: 5KB
  MD5: 0e56515850669450bedab69164787f5c
  SHA1: b6efeeb770f878902d9ebb2d9fb5fd259491288b
  SHA256: 0cc8ae42c0407eb0a4de424c08332e336ebd0128104f646872bd5176be5f96d2
  SHA512: e5c7b17efb70e10c77c1e41b39fbf13eed1521a7d755b8fc1627e46a10f7e1fd12fc912b555cb91ade06deec0b150cf2113aa3b7d910b6578c84f5d078c62d41
- Filesize: 6KB
  MD5: bfd4cdbba5eb43f92c2a417fc3eaa032
  SHA1: 0dda949e849015fc7f00435752ad44aeedb26761
  SHA256: 9dbfefb969e3cd83c8da4c806b981cc2cc639e04b8722e33fad91960b7a3f068
  SHA512: 9f618c14c61a0841274f84bfa345b1d4e39a44ad261c7c06945c9a0663783ab967389f724cf19bf108862e497d1a9628fd8fdd44216e3445f5456f6a56ad02cc
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 10KB
  MD5: 2a95f3d93b86097e2c11ea4a2657e439
  SHA1: 233c7d9777300b3738640e4bebb49e5638323ab2
  SHA256: 0a923370cf39f03dfcbf7c3d519185fe248cee562e910851b8c1865b3b787ef2
  SHA512: 7f79d9fcc52249657e3d13d7796b45c1a8b9f1443c80fb6b15b84d58e2d301bc42245a5b127c25a471d14f9a92f5d5b62e45653f85d8aa50a48a3d6f8f2fa6f0