Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06/09/2024, 05:04
Static task: static1
Behavioral task: behavioral1
  Sample: ceba9bc4a51bee0b6c65c75d574f594b_JaffaCakes118.html
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: ceba9bc4a51bee0b6c65c75d574f594b_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General
Target: ceba9bc4a51bee0b6c65c75d574f594b_JaffaCakes118.html
Size: 22KB
MD5: ceba9bc4a51bee0b6c65c75d574f594b
SHA1: 2007969e112683331b3a060df7e9201857f8ff2e
SHA256: dee04b1bec80cfaaf53aef28ba24343281831ebfe9d0a49a7fdd100d9cb4e70b
SHA512: dab08c30a16661372e06947bf049d18243752be443070cb873ad9576e93feefe7451d44c16a48a8ff50ae8b6f4e99a503f4c989b4ec4bcd43e4cead89dbf1529
SSDEEP: 384:banY5A2hsLimyVUqiSiDfQ3akZT1M394OuYS0wInwtyV6yV6yVQAhyV9skkUg+Ql:banY5A2hsLimyVY7DfQFdu3+YAyV6yVR
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description / ioc / Process:
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid / Process: 5060 msedge.exe (x2), 2908 msedge.exe (x2), 1300 msedge.exe (x4)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
  pid / Process: 2908 msedge.exe (x4)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid / Process: 2908 msedge.exe (all 25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid / Process: 2908 msedge.exe (all 24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description / pid / Process / procid_target (duplicate rows collapsed):
  PID 2908 wrote to memory of 2548 (2908 msedge.exe, procid_target 83)
  PID 2908 wrote to memory of 2672 (2908 msedge.exe, procid_target 84)
  PID 2908 wrote to memory of 5060 (2908 msedge.exe, procid_target 85)
  PID 2908 wrote to memory of 1764 (2908 msedge.exe, procid_target 86)
Processes
- msedge.exe (PID 2908)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ceba9bc4a51bee0b6c65c75d574f594b_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - msedge.exe (PID 2548), crashpad-handler
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff85f5346f8,0x7ff85f534708,0x7ff85f534718
  - msedge.exe (PID 2672), gpu-process
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,8078010197059485386,14871638117205983769,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  - msedge.exe (PID 5060), utility: network.mojom.NetworkService
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,8078010197059485386,14871638117205983769,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 1764), utility: storage.mojom.StorageService
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,8078010197059485386,14871638117205983769,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  - msedge.exe (PID 4460), renderer
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8078010197059485386,14871638117205983769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  - msedge.exe (PID 1476), renderer
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8078010197059485386,14871638117205983769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  - msedge.exe (PID 3060), renderer
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8078010197059485386,14871638117205983769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
  - msedge.exe (PID 1196), renderer
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8078010197059485386,14871638117205983769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  - msedge.exe (PID 1300), gpu-process
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,8078010197059485386,14871638117205983769,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1984 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- CompPkgSrv.exe (PID 4888)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- CompPkgSrv.exe (PID 4868)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads