Analysis
- max time kernel: 145s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 06/09/2024, 04:05
Static task: static1
Behavioral task: behavioral1
- Sample: ce9c718605276a900187f392c418a42f_JaffaCakes118.html
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: ce9c718605276a900187f392c418a42f_JaffaCakes118.html
- Resource: win10v2004-20240802-en
General
- Target: ce9c718605276a900187f392c418a42f_JaffaCakes118.html
- Size: 535KB
- MD5: ce9c718605276a900187f392c418a42f
- SHA1: a8a396aa0989d3f851d9c7946ae11b493664e0d0
- SHA256: 601a2039049bb94f6978184238f8bc5a1b35add3d29420a539ded51e0a29a2c7
- SHA512: 065d4d0f54613698d849145205cb4ebeac50561503ba731927dba089633f83ff463b6ccb57559a590e639e8c06c86f6b5901bf839341981c86e68738a0558bef
- SSDEEP: 6144:SasMYod+X3oI+YzHkyWo3JsMYod+X3oI+YzHkyWocsMYod+X3oI+YzHkyWoH:x5d+X3pZV5d+X3pk5d+X3pR
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | process | entries
  4860 | msedge.exe | 2
  3064 | msedge.exe | 2
  4304 | identity_helper.exe | 2
  4856 | msedge.exe | 4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid | process | entries
  3064 | msedge.exe | 6
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | process | entries
  3064 | msedge.exe | 25
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | process | entries
  3064 | msedge.exe | 24
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | process | procid_target
  PID 3064 wrote to memory of 2596 | 3064 | msedge.exe | 83
  PID 3064 wrote to memory of 2180 | 3064 | msedge.exe | 84
  PID 3064 wrote to memory of 4860 | 3064 | msedge.exe | 85
  PID 3064 wrote to memory of 700 | 3064 | msedge.exe | 86
  (the original table repeats each of these rows, 64 entries in total; the 2596 and 4860 rows appear twice each, the rest of the entries target PID 2180 and PID 700)
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ce9c718605276a900187f392c418a42f_JaffaCakes118.html
  PID: 3064
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ef2a46f8,0x7ff8ef2a4708,0x7ff8ef2a4718
    PID: 2596
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,14775339358172883634,11153133759359172544,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
    PID: 2180
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,14775339358172883634,11153133759359172544,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
    PID: 4860
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,14775339358172883634,11153133759359172544,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1784 /prefetch:8
    PID: 700
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14775339358172883634,11153133759359172544,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2232 /prefetch:1
    PID: 3148
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14775339358172883634,11153133759359172544,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
    PID: 368
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,14775339358172883634,11153133759359172544,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8
    PID: 4592
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,14775339358172883634,11153133759359172544,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8
    PID: 4304
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14775339358172883634,11153133759359172544,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
    PID: 2028
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14775339358172883634,11153133759359172544,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
    PID: 3816
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14775339358172883634,11153133759359172544,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
    PID: 2284
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14775339358172883634,11153133759359172544,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
    PID: 3044
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,14775339358172883634,11153133759359172544,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3052 /prefetch:2
    PID: 4856
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2184
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3180
Network
MITRE ATT&CK Enterprise v15
Downloads