Analysis
- max time kernel: 145s
- max time network: 128s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 21/08/2024, 08:27
Static task: static1
Behavioral task: behavioral1
- Sample: b2c37aa558c66e5712752756f3308e64_JaffaCakes118.html
- Resource: win7-20240708-en
Behavioral task: behavioral2
- Sample: b2c37aa558c66e5712752756f3308e64_JaffaCakes118.html
- Resource: win10v2004-20240802-en
General
- Target: b2c37aa558c66e5712752756f3308e64_JaffaCakes118.html
- Size: 39KB
- MD5: b2c37aa558c66e5712752756f3308e64
- SHA1: 9092920a2d1cc96d8fed890fb908fb266088d194
- SHA256: 8a6f41ea4530979533426ed2fcf1d9f9c714e932549bce0f8f58f597ac9d6709
- SHA512: c5e93931ffe2026ad178c4b644c753eb0acf795c125cc425dbe8485be29642c4ccda2b1e9c64fa0401aff26aedde4d3c2ffd4746e99d45966b3dbbc513ac65d5
- SSDEEP: 768:bE4lbKV2pQqYeEiG7XSMgKqvEDLZgI7goX3uL:bEiKV2pQqYeEiG7XSMgKqviZgI7xuL
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (11 IoCs)
  - pid 3648 msedge.exe (x2), pid 4536 msedge.exe (x3), pid 2748 identity_helper.exe (x2), pid 5284 msedge.exe (x4)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  - pid 4536 msedge.exe (x7)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  - pid 4536 msedge.exe (x25)
- Suspicious use of SendNotifyMessage (24 IoCs)
  - pid 4536 msedge.exe (x24)
- Suspicious use of WriteProcessMemory (64 IoCs)
  - PID 4536 (msedge.exe) wrote to memory of PID 3372 (procid_target 84), PID 4288 (procid_target 85), PID 3648 (procid_target 86) and PID 5116 (procid_target 87); the 64 entries are repeats of these four parent-to-child relationships
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4536)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b2c37aa558c66e5712752756f3308e64_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3372)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b8ed46f8,0x7ff9b8ed4708,0x7ff9b8ed4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4288)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,8343012853369818052,9825522822266301629,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3648)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,8343012853369818052,9825522822266301629,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5116)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,8343012853369818052,9825522822266301629,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3540)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8343012853369818052,9825522822266301629,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3180)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8343012853369818052,9825522822266301629,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4848)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8343012853369818052,9825522822266301629,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1808)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,8343012853369818052,9825522822266301629,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2748)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,8343012853369818052,9825522822266301629,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2268)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8343012853369818052,9825522822266301629,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1104)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8343012853369818052,9825522822266301629,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1872)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8343012853369818052,9825522822266301629,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4848)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8343012853369818052,9825522822266301629,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5284)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,8343012853369818052,9825522822266301629,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1888 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 2980)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 512)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads