Analysis
- max time kernel: 148s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 19/08/2024, 19:21
Static task: static1
Behavioral task: behavioral1
- Sample: ac401954b77b2f1c1045fe812ee96462_JaffaCakes118.html
- Resource: win7-20240729-en
Behavioral task: behavioral2
- Sample: ac401954b77b2f1c1045fe812ee96462_JaffaCakes118.html
- Resource: win10v2004-20240802-en
General
- Target: ac401954b77b2f1c1045fe812ee96462_JaffaCakes118.html
- Size: 1KB
- MD5: ac401954b77b2f1c1045fe812ee96462
- SHA1: af702b570f313e0e7bfbbb1f9704888cf07b2ea6
- SHA256: 234fd2c59e22fb104f7b4635b9f246e4d281135f46cb9d181bf06be591c882b8
- SHA512: 581899e3b413b8de4db201ae76148d010dc6dcad7fb283241d3b0a5680f76e913351b8c313d7fff62e9c20acb6f0b3dc0b1847194e79c7553cb8d32471aee3f3
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
  description        ioc                                                                    Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Suspicious behavior: EnumeratesProcesses 10 IoCs
  pid   Process
  3572  msedge.exe
  3572  msedge.exe
  784   msedge.exe
  784   msedge.exe
  5024  identity_helper.exe
  5024  identity_helper.exe
  2304  msedge.exe
  2304  msedge.exe
  2304  msedge.exe
  2304  msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
Suspicious use of FindShellTrayWindow 25 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ac401954b77b2f1c1045fe812ee96462_JaffaCakes118.html (PID: 784)
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffd70fd46f8,0x7ffd70fd4708,0x7ffd70fd4718 (PID: 4948)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,11830263380645015589,17919259367459358371,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2 (PID: 1664)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,11830263380645015589,17919259367459358371,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3 (PID: 3572)
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,11830263380645015589,17919259367459358371,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8 (PID: 3740)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11830263380645015589,17919259367459358371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1 (PID: 1444)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11830263380645015589,17919259367459358371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1 (PID: 2916)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11830263380645015589,17919259367459358371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1 (PID: 3360)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,11830263380645015589,17919259367459358371,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8 (PID: 4868)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,11830263380645015589,17919259367459358371,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8 (PID: 5024)
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11830263380645015589,17919259367459358371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1 (PID: 4604)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11830263380645015589,17919259367459358371,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1 (PID: 4520)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11830263380645015589,17919259367459358371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1 (PID: 1348)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11830263380645015589,17919259367459358371,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1 (PID: 3824)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,11830263380645015589,17919259367459358371,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2 (PID: 2304)
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding (PID: 3320)
- C:\Windows\System32\CompPkgSrv.exe -Embedding (PID: 3980)
Network
MITRE ATT&CK Enterprise v15
Downloads