Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 24/08/2024, 19:46
Static task: static1
Behavioral task: behavioral1
    Sample: bf48ce2b1c71480cf941fe60d8c2af2b_JaffaCakes118.html
    Resource: win7-20240729-en
Behavioral task: behavioral2
    Sample: bf48ce2b1c71480cf941fe60d8c2af2b_JaffaCakes118.html
    Resource: win10v2004-20240802-en
General
Target: bf48ce2b1c71480cf941fe60d8c2af2b_JaffaCakes118.html
Size: 36KB
MD5: bf48ce2b1c71480cf941fe60d8c2af2b
SHA1: dc5151cefdb49576856e30a937185ed2af46dc84
SHA256: 534ade32152d2ccd2b767b08a17f2ea4095545a89646ad08c249ead42c5a42e3
SHA512: 49837e5e52789dcbb55e570503475c4a5198f86f8633297797b3ce2a06f2d0a70eca880a4102e9fca0446d88f181b8e8e878123a0b2b8e0441a4c36a9c2c01f5
SSDEEP: 768:zwx/MDTHM288hAR0ZPX3E1XnXrFLxNLlDNoPqkPTHlnkM3Gr6TdZOm6DJtxo6qL4:Q/bbJxNVguxSx/o8tK
Malware Config
Signatures

- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                 Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  4428  msedge.exe
  4428  msedge.exe
  1632  msedge.exe
  1632  msedge.exe
  3412  identity_helper.exe
  3412  identity_helper.exe
  4956  msedge.exe
  4956  msedge.exe
  4956  msedge.exe
  4956  msedge.exe

- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process
  1632  msedge.exe
  1632  msedge.exe
  1632  msedge.exe
  1632  msedge.exe
  1632  msedge.exe
  1632  msedge.exe

- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  1632  msedge.exe
  1632  msedge.exe
  1632  msedge.exe
  1632  msedge.exe
  1632  msedge.exe
  1632  msedge.exe
  1632  msedge.exe
  1632  msedge.exe
  1632  msedge.exe
  1632  msedge.exe
  1632  msedge.exe
  1632  msedge.exe
  1632  msedge.exe
  1632  msedge.exe
  1632  msedge.exe
  1632  msedge.exe
  1632  msedge.exe
  1632  msedge.exe
  1632  msedge.exe
  1632  msedge.exe
  1632  msedge.exe
  1632  msedge.exe
  1632  msedge.exe
  1632  msedge.exe
  1632  msedge.exe

- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  1632  msedge.exe
  1632  msedge.exe
  1632  msedge.exe
  1632  msedge.exe
  1632  msedge.exe
  1632  msedge.exe
  1632  msedge.exe
  1632  msedge.exe
  1632  msedge.exe
  1632  msedge.exe
  1632  msedge.exe
  1632  msedge.exe
  1632  msedge.exe
  1632  msedge.exe
  1632  msedge.exe
  1632  msedge.exe
  1632  msedge.exe
  1632  msedge.exe
  1632  msedge.exe
  1632  msedge.exe
  1632  msedge.exe
  1632  msedge.exe
  1632  msedge.exe
  1632  msedge.exe

- Suspicious use of WriteProcessMemory (64 IoCs)
  description                          pid   Process     procid_target
  PID 1632 wrote to memory of 2168     1632  msedge.exe  86
  PID 1632 wrote to memory of 2168     1632  msedge.exe  86
  PID 1632 wrote to memory of 1004     1632  msedge.exe  87
  PID 1632 wrote to memory of 1004     1632  msedge.exe  87
  PID 1632 wrote to memory of 1004     1632  msedge.exe  87
  PID 1632 wrote to memory of 1004     1632  msedge.exe  87
  PID 1632 wrote to memory of 1004     1632  msedge.exe  87
  PID 1632 wrote to memory of 1004     1632  msedge.exe  87
  PID 1632 wrote to memory of 1004     1632  msedge.exe  87
  PID 1632 wrote to memory of 1004     1632  msedge.exe  87
  PID 1632 wrote to memory of 1004     1632  msedge.exe  87
  PID 1632 wrote to memory of 1004     1632  msedge.exe  87
  PID 1632 wrote to memory of 1004     1632  msedge.exe  87
  PID 1632 wrote to memory of 1004     1632  msedge.exe  87
  PID 1632 wrote to memory of 1004     1632  msedge.exe  87
  PID 1632 wrote to memory of 1004     1632  msedge.exe  87
  PID 1632 wrote to memory of 1004     1632  msedge.exe  87
  PID 1632 wrote to memory of 1004     1632  msedge.exe  87
  PID 1632 wrote to memory of 1004     1632  msedge.exe  87
  PID 1632 wrote to memory of 1004     1632  msedge.exe  87
  PID 1632 wrote to memory of 1004     1632  msedge.exe  87
  PID 1632 wrote to memory of 1004     1632  msedge.exe  87
  PID 1632 wrote to memory of 1004     1632  msedge.exe  87
  PID 1632 wrote to memory of 1004     1632  msedge.exe  87
  PID 1632 wrote to memory of 1004     1632  msedge.exe  87
  PID 1632 wrote to memory of 1004     1632  msedge.exe  87
  PID 1632 wrote to memory of 1004     1632  msedge.exe  87
  PID 1632 wrote to memory of 1004     1632  msedge.exe  87
  PID 1632 wrote to memory of 1004     1632  msedge.exe  87
  PID 1632 wrote to memory of 1004     1632  msedge.exe  87
  PID 1632 wrote to memory of 1004     1632  msedge.exe  87
  PID 1632 wrote to memory of 1004     1632  msedge.exe  87
  PID 1632 wrote to memory of 1004     1632  msedge.exe  87
  PID 1632 wrote to memory of 1004     1632  msedge.exe  87
  PID 1632 wrote to memory of 1004     1632  msedge.exe  87
  PID 1632 wrote to memory of 1004     1632  msedge.exe  87
  PID 1632 wrote to memory of 1004     1632  msedge.exe  87
  PID 1632 wrote to memory of 1004     1632  msedge.exe  87
  PID 1632 wrote to memory of 1004     1632  msedge.exe  87
  PID 1632 wrote to memory of 1004     1632  msedge.exe  87
  PID 1632 wrote to memory of 1004     1632  msedge.exe  87
  PID 1632 wrote to memory of 1004     1632  msedge.exe  87
  PID 1632 wrote to memory of 4428     1632  msedge.exe  88
  PID 1632 wrote to memory of 4428     1632  msedge.exe  88
  PID 1632 wrote to memory of 3748     1632  msedge.exe  89
  PID 1632 wrote to memory of 3748     1632  msedge.exe  89
  PID 1632 wrote to memory of 3748     1632  msedge.exe  89
  PID 1632 wrote to memory of 3748     1632  msedge.exe  89
  PID 1632 wrote to memory of 3748     1632  msedge.exe  89
  PID 1632 wrote to memory of 3748     1632  msedge.exe  89
  PID 1632 wrote to memory of 3748     1632  msedge.exe  89
  PID 1632 wrote to memory of 3748     1632  msedge.exe  89
  PID 1632 wrote to memory of 3748     1632  msedge.exe  89
  PID 1632 wrote to memory of 3748     1632  msedge.exe  89
  PID 1632 wrote to memory of 3748     1632  msedge.exe  89
  PID 1632 wrote to memory of 3748     1632  msedge.exe  89
  PID 1632 wrote to memory of 3748     1632  msedge.exe  89
  PID 1632 wrote to memory of 3748     1632  msedge.exe  89
  PID 1632 wrote to memory of 3748     1632  msedge.exe  89
  PID 1632 wrote to memory of 3748     1632  msedge.exe  89
  PID 1632 wrote to memory of 3748     1632  msedge.exe  89
  PID 1632 wrote to memory of 3748     1632  msedge.exe  89
  PID 1632 wrote to memory of 3748     1632  msedge.exe  89
  PID 1632 wrote to memory of 3748     1632  msedge.exe  89
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1632)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\bf48ce2b1c71480cf941fe60d8c2af2b_JaffaCakes118.html
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2168)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80c1846f8,0x7ff80c184708,0x7ff80c184718

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1004)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,13945910048477086705,10491277102869453714,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4428)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,13945910048477086705,10491277102869453714,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
        - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3748)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,13945910048477086705,10491277102869453714,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2416)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13945910048477086705,10491277102869453714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1060)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13945910048477086705,10491277102869453714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1128)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,13945910048477086705,10491277102869453714,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3412)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,13945910048477086705,10491277102869453714,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
        - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1076)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13945910048477086705,10491277102869453714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1724)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13945910048477086705,10491277102869453714,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3328)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13945910048477086705,10491277102869453714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3776)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13945910048477086705,10491277102869453714,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4956)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,13945910048477086705,10491277102869453714,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1864 /prefetch:2
        - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe (PID 4548)
    Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 4504)
    Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 152B
  MD5: e4f80e7950cbd3bb11257d2000cb885e
  SHA1: 10ac643904d539042d8f7aa4a312b13ec2106035
  SHA256: 1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124
  SHA512: 2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

- Filesize: 152B
  MD5: 2dc1a9f2f3f8c3cfe51bb29b078166c5
  SHA1: eaf3c3dad3c8dc6f18dc3e055b415da78b704402
  SHA256: dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa
  SHA512: 682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

- Filesize: 614B
  MD5: 22cea41c45c7f2ffefbf8cbbd51ff44a
  SHA1: 9686a3b81d551537c750edff3aacebf48e849bad
  SHA256: 5c7820c8ca3fa5e568d921b43955dec81f0b602254e2ac689ddf5d12522ba1ae
  SHA512: 969410e8010aee0405b206b2f4747ec870ae16a42928c68728b03de305ea591aea2c2084411dc2997e65c164190d2a609f526236c8a61b89a9ab48da433fc6bc

- Filesize: 5KB
  MD5: e8242652d1b8ee1997286f62fdb6c50f
  SHA1: e2259428f45b226564f3a2f29e27c92a32520d30
  SHA256: 01a65c3d895482f858aa37860b02f14b17b55cef0a27c1b200142de92246a57e
  SHA512: 1707c1d5adfa709c9005530b20ffa1d54c8c85763fa16478ec7846416457a868b7a9016fcf5ca7cd878494b63a5886453d834da790bc3453119582bc2301bfd5

- Filesize: 6KB
  MD5: a127473b512a21f73e27ab8f912cd9a6
  SHA1: a8891211c2aa948eea04a32e438770bd5980d04f
  SHA256: 5760759d45c803cf3b3233bc5c4f588a61f0d7754d692334f0aa176ab971f0d7
  SHA512: a1badb890a050eeee16c3a09b39c2d648c5cb881e1ec5378aa8328ff721104125eb63fbe3d208f3dba11fe038b2b4888d6cd60812d73ee502d154ce89f2f3fc6

- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

- Filesize: 11KB
  MD5: c6ec9b226c068ace98eb5eff54de2b7e
  SHA1: 12b46bbe4abe00793aee4e474966e7553ccaa696
  SHA256: 27343b82646b70516932c6a0bc954aa02e82ee86357e0cfdea73a45dd585b071
  SHA512: 8f2b1765de9f4a4b199c8692998bc0a10ea667012aac32a39c3b6bcf3edc712ae231f73bb0e4557c1ddcff8ab6b37994e86a7ac4f0feb6beca3eb2778641fd3b