Analysis
- max time kernel: 149s
- max time network: 142s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 06/09/2024, 01:38
Static task: static1
Behavioral task: behavioral1
- Sample: ce5ab8dd1994dcf31485516f159aec2b_JaffaCakes118.html
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: ce5ab8dd1994dcf31485516f159aec2b_JaffaCakes118.html
- Resource: win10v2004-20240802-en
General
- Target: ce5ab8dd1994dcf31485516f159aec2b_JaffaCakes118.html
- Size: 86KB
- MD5: ce5ab8dd1994dcf31485516f159aec2b
- SHA1: 244cc9e72f9ff73a24e340e7e9b158a969f2ff95
- SHA256: 5f06980cc203cd47874f8cb45b61b029969f0b0bc9c8c9a2ce8a108ca10a7e4a
- SHA512: ed717fb5025ca9e751145ae21c7a8d658e70820837fb15f09e4d8a52a35a914458af213adad37f443a7f575a0e721bd2c2d4c37659d74cbefbd7fcfb163bb2d1
- SSDEEP: 1536:O+6RgZ6/oRMs4nruUohYt/RO4D/f19r/IBcNyiK1skyBtcWeLExzOz7RrA:96RgZ6/oRMs4nruUohYlROKl9rgBcNy0
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description       | ioc                                                                    | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   | msedge.exe
  Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid  | Process
  392  | msedge.exe (2 entries)
  3284 | msedge.exe (2 entries)
  3864 | identity_helper.exe (2 entries)
  508  | msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid  | Process
  3284 | msedge.exe (6 identical entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid  | Process
  3284 | msedge.exe (25 identical entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid  | Process
  3284 | msedge.exe (24 identical entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description                      | pid  | Process    | procid_target
  PID 3284 wrote to memory of 920  | 3284 | msedge.exe | 83
  PID 3284 wrote to memory of 1764 | 3284 | msedge.exe | 84
  PID 3284 wrote to memory of 392  | 3284 | msedge.exe | 85
  PID 3284 wrote to memory of 684  | 3284 | msedge.exe | 86
  (each of these rows is repeated in the original listing; 64 entries in total)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3284)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ce5ab8dd1994dcf31485516f159aec2b_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - msedge.exe (PID 920): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff9a7f46f8,0x7fff9a7f4708,0x7fff9a7f4718
  - msedge.exe (PID 1764): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,710127346576560108,103942902372533893,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  - msedge.exe (PID 392): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,710127346576560108,103942902372533893,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 684): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,710127346576560108,103942902372533893,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  - msedge.exe (PID 3440): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,710127346576560108,103942902372533893,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  - msedge.exe (PID 3464): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,710127346576560108,103942902372533893,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  - identity_helper.exe (PID 4360): "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,710127346576560108,103942902372533893,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 /prefetch:8
  - identity_helper.exe (PID 3864): "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,710127346576560108,103942902372533893,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 4476): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,710127346576560108,103942902372533893,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
  - msedge.exe (PID 2948): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,710127346576560108,103942902372533893,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  - msedge.exe (PID 4988): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,710127346576560108,103942902372533893,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
  - msedge.exe (PID 2748): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,710127346576560108,103942902372533893,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3736 /prefetch:1
  - msedge.exe (PID 508): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,710127346576560108,103942902372533893,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4780 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 1640)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 3412)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 111c361619c017b5d09a13a56938bd54
  SHA1: e02b363a8ceb95751623f25025a9299a2c931e07
  SHA256: d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc
  SHA512: fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2
- Filesize: 152B
  MD5: 983cbc1f706a155d63496ebc4d66515e
  SHA1: 223d0071718b80cad9239e58c5e8e64df6e2a2fe
  SHA256: cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c
  SHA512: d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd
- Filesize: 467B
  MD5: d2cfa95c4c408015bb9624ac8233a53d
  SHA1: 30270506632a3de9047eb38ca8d0492e4a9d02b9
  SHA256: 8381501f5e8b9f0b29eb347e1ae34de9090b6a55bb5e4e444237888385581e71
  SHA512: 8da4181672fc5dbe99f4242607ae188f582e732851e064f397c84233b53237bfb2f1e1ac05be58739f8dc2d5d85aeb6e374764f48c0e85eaf3b21ab75c52b220
- Filesize: 5KB
  MD5: dc9b22c134c69961f984c38b900bb5c8
  SHA1: 2faa87f94c328ebc338a3bc0dc1e34edac7ac7bc
  SHA256: 619619ac0a17b6caf3407423e269c23c76db49164c2009562c9bfac86678500a
  SHA512: 258547e90840479fb6bad454bc3a170ab1467594e1e3532a2c599c7207c6957937f05cb00b9bb307346201b24350d5a9099f0002351262f48f09cc388f5f14ee
- Filesize: 6KB
  MD5: 9f98f12a3ba73d7566754e7959b0f3cc
  SHA1: 735cdfa100f65477202b3d62578ae4159666d2a7
  SHA256: a1e44a787e7d56d80098211902c6f31de468f1adf7e44da54a28b3e9e3cedbce
  SHA512: 677c6194fa0535323397490ac8043d708b31083404623f6d5ba738c509bee2269d204413dd53e93c2469de1a3f02d6c4f1fa1150f1f1aa65a61b5c258972f497
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 10KB
  MD5: bbb73d21fe78fe6eb8b8f0583b529f33
  SHA1: beb351122fffebbfdbb5502de4d577c717b0d0fe
  SHA256: f0868214a4297314b8a460f19dfd9df74b89fae0a7854a1887eb33389d363d8b
  SHA512: 247472b93be3ac9ee1b4d7e8f90971613b79ddcfeac35bacb2d152daf546fee75818157790d4baf0d0e2aea7818ffc4ea1553ffa6d43c443ade559927ef29d50