Analysis
- max time kernel: 148s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 20/08/2024, 07:23
Static task: static1
Behavioral task: behavioral1
- Sample: ae5430498e486d836f83adb13661c7fa_JaffaCakes118.html
- Resource: win7-20240708-en
Behavioral task: behavioral2
- Sample: ae5430498e486d836f83adb13661c7fa_JaffaCakes118.html
- Resource: win10v2004-20240802-en
General
- Target: ae5430498e486d836f83adb13661c7fa_JaffaCakes118.html
- Size: 13KB
- MD5: ae5430498e486d836f83adb13661c7fa
- SHA1: c5da0988794d10b4c6107842564597e917e58220
- SHA256: 92e7178561c5e5e0146df5b3ffad1a7b23f942f92997be56ba4a57279819e3fd
- SHA512: fcf915ecfd9fff5cea1932f13ed023ec9d57cf33998c35195ffc7d09273486ff6b152fa322525b5911bfaa581c77deb4aab7bd0e61400b72a8f935e0fd6d8a99
- SSDEEP: 192:Rxh2b6MmSqCltPECD+gLmLLfBpsaVBRdKapyMVNvG6KpWs9lPv9NfVK4Xb5O9:Rn2DFubsaVBRdKSyM/vIWs97K4Xa
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (11 IoCs)
  pid | Process
  2080 | msedge.exe (2 entries)
  1408 | msedge.exe (3 entries)
  4364 | identity_helper.exe (2 entries)
  4128 | msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid | Process
  1408 | msedge.exe (6 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  1408 | msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  1408 | msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs; repeated rows collapsed)
  description | pid | Process | procid_target
  PID 1408 wrote to memory of 2972 | 1408 | msedge.exe | 84
  PID 1408 wrote to memory of 5112 | 1408 | msedge.exe | 85
  PID 1408 wrote to memory of 2080 | 1408 | msedge.exe | 86
  PID 1408 wrote to memory of 3620 | 1408 | msedge.exe | 87
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1408)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ae5430498e486d836f83adb13661c7fa_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2972)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd6dce46f8,0x7ffd6dce4708,0x7ffd6dce4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5112)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,17524473701174029087,5187724965135442290,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2080)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,17524473701174029087,5187724965135442290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3620)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,17524473701174029087,5187724965135442290,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3040)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17524473701174029087,5187724965135442290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3112)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17524473701174029087,5187724965135442290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2756)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,17524473701174029087,5187724965135442290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4364)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,17524473701174029087,5187724965135442290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1048)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17524473701174029087,5187724965135442290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4448)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17524473701174029087,5187724965135442290,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 848)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17524473701174029087,5187724965135442290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1540)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17524473701174029087,5187724965135442290,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4128)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,17524473701174029087,5187724965135442290,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 4688)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 1672)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads