Analysis
- max time kernel: 148s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 12/08/2024, 09:21
Static task: static1
Behavioral task: behavioral1
- Sample: 8e2e693f55b1711c418977bd03eff840_JaffaCakes118.html
- Resource: win7-20240708-en
Behavioral task: behavioral2
- Sample: 8e2e693f55b1711c418977bd03eff840_JaffaCakes118.html
- Resource: win10v2004-20240802-en
General
- Target: 8e2e693f55b1711c418977bd03eff840_JaffaCakes118.html
- Size: 6KB
- MD5: 8e2e693f55b1711c418977bd03eff840
- SHA1: 09eb68ebbf964f626260eeaa5198a2d5033636ae
- SHA256: 746fde2a71606b385867f168908a743d674d846ec0ebf1aae049db59fced8be8
- SHA512: cfc50a78e8802c04e327b799541f461cd804493c1c551689f80426add6eae5bfd5754d500e92ee2e66b29c96b5a2b20fcb24413d6934cfa843af30ab7dbd45d1
- SSDEEP: 96:uzVs+ux76JLLY1k9o84d12ef7CSTU3wNGdcEZ7ru7f:csz76JAYS/uSGdb76f
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description / ioc / Process:
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid / Process: 2220 msedge.exe; 2220 msedge.exe; 2896 msedge.exe; 2896 msedge.exe; 2288 identity_helper.exe; 2288 identity_helper.exe; 5084 msedge.exe; 5084 msedge.exe; 5084 msedge.exe; 5084 msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid / Process: 2896 msedge.exe; 2896 msedge.exe; 2896 msedge.exe; 2896 msedge.exe; 2896 msedge.exe; 2896 msedge.exe
- Suspicious use of FindShellTrayWindow (25 IoCs)
- Suspicious use of SendNotifyMessage (24 IoCs)
- Suspicious use of WriteProcessMemory (64 IoCs)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2896)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8e2e693f55b1711c418977bd03eff840_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1492)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff815d46f8,0x7fff815d4708,0x7fff815d4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5112)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,16994929049242615373,16634202700245675915,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2220)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,16994929049242615373,16634202700245675915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4660)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,16994929049242615373,16634202700245675915,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2516)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16994929049242615373,16634202700245675915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4976)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16994929049242615373,16634202700245675915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1884)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,16994929049242615373,16634202700245675915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2288)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,16994929049242615373,16634202700245675915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4352)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16994929049242615373,16634202700245675915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4332)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16994929049242615373,16634202700245675915,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2464)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16994929049242615373,16634202700245675915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3120)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16994929049242615373,16634202700245675915,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5084)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,16994929049242615373,16634202700245675915,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2264 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 2984)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 3988)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads