Analysis
- max time kernel: 145s
- max time network: 147s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 07/09/2024, 02:40
Static task: static1
Behavioral task: behavioral1
- Sample: d0e7e40103090da717727e0d0dfe1396_JaffaCakes118.html
- Resource: win7-20240729-en
Behavioral task: behavioral2
- Sample: d0e7e40103090da717727e0d0dfe1396_JaffaCakes118.html
- Resource: win10v2004-20240802-en
General
- Target: d0e7e40103090da717727e0d0dfe1396_JaffaCakes118.html
- Size: 139KB
- MD5: d0e7e40103090da717727e0d0dfe1396
- SHA1: cbcb56ce6440abf557e3eadfb4df0090b3a2df08
- SHA256: ef38555316632c1f112a37d3e20e6e456d36af36897283f6869b3901946ad5d7
- SHA512: 58f437d7fbb44d45297b0e3b86f9c28eac3a0ae208c3f767b6809cf4bb4d2ddf8e1a4ca03843559eb268fd5647f53d97a4d5d6c90df2eb4798d4eb321ba19d89
- SSDEEP: 1536:SCqvAbWNjUvCJm5lBqyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXAZ:SCq6NqyfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid | Process
  1792 | msedge.exe (2 entries)
  2212 | msedge.exe (2 entries)
  2076 | msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid | Process
  2212 | msedge.exe (2 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  2212 | msedge.exe (all 25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  2212 | msedge.exe (all 24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 2212 wrote to memory of 2244 | 2212 | msedge.exe | 83
  PID 2212 wrote to memory of 2980 | 2212 | msedge.exe | 84
  PID 2212 wrote to memory of 1792 | 2212 | msedge.exe | 85
  PID 2212 wrote to memory of 3684 | 2212 | msedge.exe | 86
  (each of these rows is repeated many times in the original listing; 64 entries in total)
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d0e7e40103090da717727e0d0dfe1396_JaffaCakes118.html
  PID: 2212
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff807f246f8,0x7ff807f24708,0x7ff807f24718
    PID: 2244
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,9555014436655365050,6205499245889644772,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
    PID: 2980
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,9555014436655365050,6205499245889644772,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
    PID: 1792
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,9555014436655365050,6205499245889644772,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
    PID: 3684
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,9555014436655365050,6205499245889644772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
    PID: 3960
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,9555014436655365050,6205499245889644772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
    PID: 1472
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,9555014436655365050,6205499245889644772,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5000 /prefetch:2
    PID: 2076
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1396
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2460
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 53bc70ecb115bdbabe67620c416fe9b3
  SHA1: af66ec51a13a59639eaf54d62ff3b4f092bb2fc1
  SHA256: b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771
  SHA512: cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921
- Filesize: 152B
  MD5: e765f3d75e6b0e4a7119c8b14d47d8da
  SHA1: cc9f7c7826c2e1a129e7d98884926076c3714fc0
  SHA256: 986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89
  SHA512: a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079
- Filesize: 476B
  MD5: 96d42d9cde5b41f9f9c37e9af0179a2a
  SHA1: 77e8626f17b4c6c5f196bbd375649f4d5264c90e
  SHA256: aaca05b2a9bf454cdbfbaadf01e4cb3577237c97bb2b72a06de550a14daab960
  SHA512: 7e2db88b2a8fd16023ff4e9f3347dc664f7dfc3868fdaad93f6ad8a29e0ea3867f5351f086a41ff0b161390dd3d04bb2762dabd17ca8c0a1ca56bf6f921afff2
- Filesize: 6KB
  MD5: d704c8d1bdb0430309f041fb918425a3
  SHA1: e647c2d6f3ddc71e21d7983b6872b0e0ce3a5b42
  SHA256: 4069cc04ebef3ac679eb2d2a024736927255aa091f868592b2a7ab932faff264
  SHA512: debaf6e7dee7c54cd20c19c39b7e9b9523e057b36783f96f8440ab07302eb9d74c0a32e9328508827497148f679e225cc8dcb1f30502d95ad43ad2d7f60bd875
- Filesize: 5KB
  MD5: 13a9ad04825ad7e2fd5899dae50ab810
  SHA1: fde9706abda7a8e8ff8ff7b73a45f46dfc221c51
  SHA256: 72a54717aa6b1023c8aa836d47335d8b582f2db828638e515c66c03989d70ffd
  SHA512: 8aaadeeaebb47f2782431450ed949f5f504e4ef1e243c1980196ea93f3ce07f23c47afd5445c333c2d5ab70c28410b2b90cc95d3a3ce1cb0b3a11fe604e850cd
- Filesize: 10KB
  MD5: e15ce34b6024a410f9b08d66009f7285
  SHA1: 97933c8d50ee56cf1612d1251125eaba14cb4685
  SHA256: 614353cda47ec44c6ba940e826282c4728a309373fb25a91fcfbff17ba5a9615
  SHA512: eade79af62496df35ac08c57afa4437978316f7ed5cc5f056e3193c7f7af82e48d78c8ae671298d1d1fa2a535274c87d348dc7eecff002c1b53efeb1d499bda2