Analysis
max time kernel: 145s
max time network: 140s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29/08/2024, 20:02
Static task: static1
Behavioral task: behavioral1
  Sample: c9889880928f1c37a87081717432fdda_JaffaCakes118.html
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: c9889880928f1c37a87081717432fdda_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General
Target: c9889880928f1c37a87081717432fdda_JaffaCakes118.html
Size: 24KB
MD5: c9889880928f1c37a87081717432fdda
SHA1: 4a33e2c61bb5ee138c3f22a833fcd79a7740b579
SHA256: e0a79835db0575bf51fbcce8c3ec657adabe4551cd771d269b151c26fd77c1b0
SHA512: 6a4171f38964134ed75abe33e4c1243fd50dcb8675a52ece7f6131acc4d7cd2dbefc801ca9b1f742a64f13c1d77218e2f0b0a0ca6f0482f80b8bdf2f6a0c868c
SSDEEP: 768:BUF+Wp1khngy/VnAwjRjfVQte5ViCubx/Wscrh:BUF+Wp1khn3/VnbjRjfVQte5ViCubx/s
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  1548  msedge.exe
  1548  msedge.exe
  3900  msedge.exe
  3900  msedge.exe
  1472  identity_helper.exe
  1472  identity_helper.exe
  444   msedge.exe
  444   msedge.exe
  444   msedge.exe
  444   msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process
  3900  msedge.exe
  3900  msedge.exe
  3900  msedge.exe
  3900  msedge.exe
  3900  msedge.exe
  3900  msedge.exe
Suspicious use of FindShellTrayWindow (25 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes
(Indented entries are child processes of the entry above them.)

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c9889880928f1c37a87081717432fdda_JaffaCakes118.html
  PID: 3900
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdcc5046f8,0x7ffdcc504708,0x7ffdcc504718
      PID: 4084

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,8018766602922679307,8954626557363529678,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
      PID: 1400

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,8018766602922679307,8954626557363529678,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
      PID: 1548
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,8018766602922679307,8954626557363529678,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
      PID: 2152

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8018766602922679307,8954626557363529678,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
      PID: 4964

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8018766602922679307,8954626557363529678,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
      PID: 4732

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,8018766602922679307,8954626557363529678,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
      PID: 3552

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,8018766602922679307,8954626557363529678,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
      PID: 1472
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8018766602922679307,8954626557363529678,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
      PID: 2924

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8018766602922679307,8954626557363529678,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
      PID: 2984

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8018766602922679307,8954626557363529678,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
      PID: 1464

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8018766602922679307,8954626557363529678,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
      PID: 4892

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,8018766602922679307,8954626557363529678,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4872 /prefetch:2
      PID: 444
      - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1500

C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4056
Network
MITRE ATT&CK Enterprise v15
Downloads