Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 145s
max time network: 126s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
submitted: 24/08/2024, 07:26
Static task: static1
Behavioral task: behavioral1
  Sample: be23adcb37d9c502c693b58beb317149_JaffaCakes118.html
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: be23adcb37d9c502c693b58beb317149_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General
Target: be23adcb37d9c502c693b58beb317149_JaffaCakes118.html
Size: 23KB
MD5: be23adcb37d9c502c693b58beb317149
SHA1: 2454c836d1adabdf0fb6032fb313570fe2abe72e
SHA256: b47a54d4b2e4412a76ad0770bb04b4e67ddbee397e5729511d546a34699df5a0
SHA512: b28898def8eacad7ebfd2fab263395b7f93a5c443ae60379d2377abf7f3da042f1e39ec83f5757f4b19466c30c53b79ea81ea29f6b7b27f91e7666b6b9a1b232
SSDEEP: 192:uwrlb5nU+nQjxn5Q/3nQieeNnEnQOkEnt9JnQTbn6cnQ6v06J4RnQNjMB+qnYnQU:YQ/iEv06k4YY
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  3872 | msedge.exe (2 entries)
  4776 | msedge.exe (2 entries)
  1492 | identity_helper.exe (2 entries)
  3716 | msedge.exe (4 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid | Process
  4776 | msedge.exe (6 entries)
Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  4776 | msedge.exe (25 entries)
Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  4776 | msedge.exe (24 entries)
Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 4776 wrote to memory of 4576 | 4776 | msedge.exe | 84 (2 entries)
  PID 4776 wrote to memory of 912 | 4776 | msedge.exe | 85 (40 entries)
  PID 4776 wrote to memory of 3872 | 4776 | msedge.exe | 86 (2 entries)
  PID 4776 wrote to memory of 612 | 4776 | msedge.exe | 87 (20 entries)
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\be23adcb37d9c502c693b58beb317149_JaffaCakes118.html
  PID: 4776
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd8f2946f8,0x7ffd8f294708,0x7ffd8f294718
      PID: 4576
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,3389427226713665900,8762512588908186857,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
      PID: 912
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,3389427226713665900,8762512588908186857,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2456 /prefetch:3
      PID: 3872
      - Suspicious behavior: EnumeratesProcesses
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,3389427226713665900,8762512588908186857,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
      PID: 612
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,3389427226713665900,8762512588908186857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
      PID: 1112
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,3389427226713665900,8762512588908186857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
      PID: 4240
    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,3389427226713665900,8762512588908186857,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4612 /prefetch:8
      PID: 4048
    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,3389427226713665900,8762512588908186857,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4612 /prefetch:8
      PID: 1492
      - Suspicious behavior: EnumeratesProcesses
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,3389427226713665900,8762512588908186857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
      PID: 1820
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,3389427226713665900,8762512588908186857,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
      PID: 748
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,3389427226713665900,8762512588908186857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
      PID: 1412
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,3389427226713665900,8762512588908186857,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
      PID: 3164
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,3389427226713665900,8762512588908186857,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2596 /prefetch:2
      PID: 3716
      - Suspicious behavior: EnumeratesProcesses
C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4744
C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1120
Network
MITRE ATT&CK Enterprise v15
Downloads