Analysis
- max time kernel: 145s
- max time network: 137s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25/08/2024, 17:03
Static task: static1
Behavioral task: behavioral1
- Sample: c12fd8494bc84c87d6eb74b7a4c81b46_JaffaCakes118.html
- Resource: win7-20240705-en
Behavioral task: behavioral2
- Sample: c12fd8494bc84c87d6eb74b7a4c81b46_JaffaCakes118.html
- Resource: win10v2004-20240802-en
General
- Target: c12fd8494bc84c87d6eb74b7a4c81b46_JaffaCakes118.html
- Size: 20KB
- MD5: c12fd8494bc84c87d6eb74b7a4c81b46
- SHA1: 994102451a4ec0120c1dc512c35c87fbf6ce26c5
- SHA256: ce28230ab19652b0b6e9f5b0c1469b5425e8010a45edac3d8322f0ff1004263b
- SHA512: 6c15d9a9b68e32111cb08daa4cff3c729d4324fdb6b84126882ec20feaced2bd426e2f526351bf4374114e66279c4bc8bc96d2f221dc4a01d3a5c41e8e2056b9
- SSDEEP: 384:gaCdpzoLFBMfBMFBMJBMYBMtBMBNMQkJJOTn+9+I4xRw9YnWV1ctb:gamzMCfCFCJCYCtCBWWMId
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  2204  msedge.exe (2 IoCs)
  996   msedge.exe (2 IoCs)
  4632  identity_helper.exe (2 IoCs)
  3752  msedge.exe (4 IoCs)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process
  996   msedge.exe (all 6 IoCs)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  996   msedge.exe (all 25 IoCs)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  996   msedge.exe (all 24 IoCs)
- Suspicious use of WriteProcessMemory (64 IoCs; each write is counted separately, so the same parent/child pair appears many times in the report)
  description                       pid  Process     procid_target
  PID 996 wrote to memory of 2644   996  msedge.exe  84
  PID 996 wrote to memory of 436    996  msedge.exe  85
  PID 996 wrote to memory of 2204   996  msedge.exe  86
  PID 996 wrote to memory of 3168   996  msedge.exe  87
Processes
- msedge.exe (PID 996)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c12fd8494bc84c87d6eb74b7a4c81b46_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - msedge.exe (PID 2644, child of 996)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c78546f8,0x7ff9c7854708,0x7ff9c7854718
  - msedge.exe (PID 436, child of 996)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,6937952516951528101,4837992455257957624,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
  - msedge.exe (PID 2204, child of 996)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,6937952516951528101,4837992455257957624,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 3168, child of 996)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,6937952516951528101,4837992455257957624,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
  - msedge.exe (PID 3084, child of 996)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6937952516951528101,4837992455257957624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  - msedge.exe (PID 3060, child of 996)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6937952516951528101,4837992455257957624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  - identity_helper.exe (PID 3320, child of 996)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,6937952516951528101,4837992455257957624,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 /prefetch:8
  - identity_helper.exe (PID 4632, child of 996)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,6937952516951528101,4837992455257957624,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 5000, child of 996)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6937952516951528101,4837992455257957624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  - msedge.exe (PID 4400, child of 996)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6937952516951528101,4837992455257957624,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1
  - msedge.exe (PID 1944, child of 996)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6937952516951528101,4837992455257957624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  - msedge.exe (PID 1848, child of 996)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6937952516951528101,4837992455257957624,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  - msedge.exe (PID 3752, child of 996)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,6937952516951528101,4837992455257957624,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5708 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
- CompPkgSrv.exe (PID 1608)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- CompPkgSrv.exe (PID 3332)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 9b008261dda31857d68792b46af6dd6d
  SHA1: e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3
  SHA256: 9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da
  SHA512: 78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10
- Filesize: 152B
  MD5: 0446fcdd21b016db1f468971fb82a488
  SHA1: 726b91562bb75f80981f381e3c69d7d832c87c9d
  SHA256: 62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222
  SHA512: 1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31
- Filesize: 5KB
  MD5: f1c81537a89bff1ca5712d3fba3961ed
  SHA1: a8beb0fb4cda90c7bc840626b00f93cb337f46de
  SHA256: c29560e762b484da75fcd57691a1eac6628d115607a056e0754c19d3331c684b
  SHA512: e249de3b399a573b70c18ff4b1553ebcd3875ef8f9ba682fc85447a7a9437e3c7259b44eb4c46283cb85d18142605c84b9de541a1c2d77d5cd2d2e0feda908a4
- Filesize: 6KB
  MD5: df457710ab909581e23d2867f813bdfe
  SHA1: 1a702bdf14a62a785f7aeb132dcc9496cf6dbdb5
  SHA256: f7ee03c302776dc3f55f3e5b8df5e9cae4c335d4d0e646a6a7c22cf868466c55
  SHA512: ee5dc00c54aca92ba3a008cc1edb5d3f2c035fbc4db4dee954beb8df229d335a1c4f70962e2f8c1203d66310479289554dc0fdd8f19ada2200c8577c5e5e6e83
- Filesize: 6KB
  MD5: c7de08f236aa17cc70fdd297367217cd
  SHA1: e23ce1479748172f9ba1d4a93afba62dc1035460
  SHA256: 660d5b9dae78d3fd5ece1b7e59036672fb464c0a53e0605224172c3ab2d91828
  SHA512: ab7ed36042743c16054c95e4f3551b048c9e60d2b8db8ca7c4e01297b5e6da1ddddfa3da67145df264e1717fb47ebbe20295960c5621c515531166749c749e70
- Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
- Filesize: 16B
  MD5: 206702161f94c5cd39fadd03f4014d98
  SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
- Filesize: 10KB
  MD5: 52afe415ba4a698839acfbf50170197b
  SHA1: f075b2a316966154b57495a3b28d01ac8b03604d
  SHA256: a23d7e787c5fa6ac2aab560067f762652ab538972f716855f696340b212bfb6d
  SHA512: 90ce68ee654e8c5c73f742e206f948001b4b0d711ee5d76a786a76479da27d10e83039e52bc421d333a49c0480adf057973b18cae5fbdf01a1575c763547fccb