Analysis
- max time kernel: 145s
- max time network: 142s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 07/09/2024, 22:00
Static task: static1
Behavioral task: behavioral1
- Sample: d2ecb2310da02cd78e9ad52a50cbbfa6_JaffaCakes118.html
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: d2ecb2310da02cd78e9ad52a50cbbfa6_JaffaCakes118.html
- Resource: win10v2004-20240802-en
General
- Target: d2ecb2310da02cd78e9ad52a50cbbfa6_JaffaCakes118.html
- Size: 184KB
- MD5: d2ecb2310da02cd78e9ad52a50cbbfa6
- SHA1: 4e7924c6fb64a2e595ad128039ff405fff011fd0
- SHA256: 9ce954d657d4ba130007363e0afc86830d0edcb51ccae66c258eac9349bd62f4
- SHA512: 28dffef704d31b3c634ee08c2bd77ba092949f386788f98ecec456be901d888feb296d62438da627fb8e511035c5201e8b4b3186d473a2ec99efc140441126ff
- SSDEEP: 1536:xsPuhuTYpeWmyeeJN2W9DvG6TBrbd9kie5Xk1DSK7ChYaLeiLWwkoodalSsup74P:xsPuhuTYpZixxnP
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  1328 | msedge.exe (2 entries)
  2540 | msedge.exe (2 entries)
  1544 | identity_helper.exe (2 entries)
  3596 | msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid | Process
  2540 | msedge.exe (7 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  2540 | msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  2540 | msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 2540 wrote to memory of 4132 | 2540 | msedge.exe | 83 (2 entries)
  PID 2540 wrote to memory of 776 | 2540 | msedge.exe | 84 (40 entries)
  PID 2540 wrote to memory of 1328 | 2540 | msedge.exe | 85 (2 entries)
  PID 2540 wrote to memory of 892 | 2540 | msedge.exe | 86 (20 entries)
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d2ecb2310da02cd78e9ad52a50cbbfa6_JaffaCakes118.html
  PID: 2540
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd09e646f8,0x7ffd09e64708,0x7ffd09e64718
    PID: 4132
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,8855238383443800257,15281396583685719773,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
    PID: 776
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,8855238383443800257,15281396583685719773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
    PID: 1328
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,8855238383443800257,15281396583685719773,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
    PID: 892
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,8855238383443800257,15281396583685719773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
    PID: 4724
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,8855238383443800257,15281396583685719773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
    PID: 1932
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,8855238383443800257,15281396583685719773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
    PID: 4660
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,8855238383443800257,15281396583685719773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 /prefetch:8
    PID: 3124
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,8855238383443800257,15281396583685719773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 /prefetch:8
    PID: 1544
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,8855238383443800257,15281396583685719773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
    PID: 4980
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,8855238383443800257,15281396583685719773,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
    PID: 4212
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,8855238383443800257,15281396583685719773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
    PID: 4844
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,8855238383443800257,15281396583685719773,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
    PID: 2196
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,8855238383443800257,15281396583685719773,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4940 /prefetch:2
    PID: 3596
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3136
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3968
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: f9664c896e19205022c094d725f820b6
  SHA1: f8f1baf648df755ba64b412d512446baf88c0184
  SHA256: 7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e
  SHA512: 3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae
- Filesize: 152B
  MD5: 847d47008dbea51cb1732d54861ba9c9
  SHA1: f2099242027dccb88d6f05760b57f7c89d926c0d
  SHA256: 10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1
  SHA512: bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f
- Filesize: 257B
  MD5: 6edca6da5130c768f823ef28a90027d1
  SHA1: 70c6026009dfb8a6ed66186cab6537f5b799bf46
  SHA256: 100f6f57c8f5a39979ac120d5d5c56dee06d56a20d7e59e848ca97dc648178d2
  SHA512: 399ac03a157db8117467c7e1204b58f17ca00543824f18f372c8550b8a007e1c17825af2e95e0666f27db25a3c2b842892cf86a711bfc545f6c7b5015999ef03
- Filesize: 5KB
  MD5: e2de93ce3bc90b42affec99836c6bbda
  SHA1: 040b6ebb6906b718761c277295d61fdd414d06d7
  SHA256: e1d6fba1f8b49efc0a23b737e15443e0e272331ad6f9ee04956501f2a95a14dd
  SHA512: 04058bd6239d04955495d3975bafbafc2e80b8401b34542066999f1a5970bdfa53a46d0eac70fde2564eb8a7ad9c4902adeb310e72c8c1382010eda4c0ebb427
- Filesize: 6KB
  MD5: e049c89a78acb3b330b7a81fa6325e7a
  SHA1: 8853a95a14efd880fabbe305cd4f69a818b3703c
  SHA256: 5ae85005c08150bbcb38bd6127fd0a70ac505a3588ab76b7659ec43aeeadc753
  SHA512: b706db20755dc2e36c740468c211ce22093c68b097cb16de54833bf82b1d722f1575e31a83bff35bc91f6597aa4cc9c98da948d69c3155cdccb7ec2109c8e6fd
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 10KB
  MD5: ccb6543b5c98333d2ac86f96bf1e3a59
  SHA1: 1b3d9e46aa61430d33f6c27bb0ab98732e82fada
  SHA256: 10a44f21e34117cf2f6ed1c3a734ccc85351d67b7d0a525fa33ce22708dfd3d3
  SHA512: 268a2c1f5923270a53bc98ef6a6cdd27ca0a00947ad7036afd6b283b52f1030d0f8bca9e9ebb9ea483fd6941ea5b4baa02ef88a08e67a016565cc976f656cf08