Site notice: Windows 7 will be removed from tria.ge on 2025-03-31.
Analysis
- max time kernel: 148s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 07/09/2024, 11:06 (day/month order, i.e. 7 September 2024: the win7-20240903-en image used by behavioral1 did not exist in July)
Tasks
- Static task: static1
- Behavioral task: behavioral1
  - Sample: d1c9c63cc835a7cc122027d05e915f42_JaffaCakes118.html
  - Resource: win7-20240903-en
- Behavioral task: behavioral2
  - Sample: d1c9c63cc835a7cc122027d05e915f42_JaffaCakes118.html
  - Resource: win10v2004-20240802-en

The behaviour below is from the win10v2004-20240802-en run (behavioral2), matching the platform listed under Analysis.
General
- Target: d1c9c63cc835a7cc122027d05e915f42_JaffaCakes118.html
- Size: 52KB
- MD5: d1c9c63cc835a7cc122027d05e915f42
- SHA1: 380f5614124f55b12146c0dd465a9e47f59f4c66
- SHA256: 411936ea2ed8ef9fb35daa5b10b3ce4ceaa53df0a9857c6172b1dc011cf137e5
- SHA512: 8426edee672f6ef9a4c135d79df1b6216e6cc3eee59f249ab58088e04ea9f8431666cb9f25e71d65da75160a3dc34d4d6198b35a50514c1cef121a4fc75c89a8
- SSDEEP: 1536:90JMazeVQ9bAvXgFNEev9XcVV/oeI4bl+uLmB+0M29H:QMgAvXgmbl+uLmB+0M0H
Malware Config
Signatures
Every source and target process in the tables below is an Edge binary (msedge.exe or identity_helper.exe); no other executable appears as writer, target or registry reader. Repeated identical rows are collapsed into counts.

- Enumerates system info in registry (2 TTPs, 3 IoCs)
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  - 3388 msedge.exe (2 rows), 3500 msedge.exe (2 rows), 2832 identity_helper.exe (2 rows), 2156 msedge.exe (4 rows)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  - 3500 msedge.exe (6 rows)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  - 3500 msedge.exe (25 rows)
- Suspicious use of SendNotifyMessage (24 IoCs)
  - 3500 msedge.exe (24 rows)
- Suspicious use of WriteProcessMemory (64 IoCs listed); every row has PID 3500 msedge.exe as the writer
  - 3500 wrote to memory of 1700 (procid_target 83): 2 rows
  - 3500 wrote to memory of 2716 (procid_target 84): 40 rows
  - 3500 wrote to memory of 3388 (procid_target 85): 2 rows
  - 3500 wrote to memory of 4412 (procid_target 86): 20 rows
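The six tables above are fired by Edge's own processes. A Chromium browser process writes into each child it launches (its Windows sandbox initialises the target that way), and "block non-Microsoft binaries" is a process-creation mitigation Chromium sets on children, so neither row type is, by itself, evidence of injection. What makes such tables actionable is joining writer and target PIDs against the process tree so that a write into a non-browser image stands out. The Python below is an added example, not part of the tria.ge report: it parses the flattened rows exactly as they are rendered on this page (the EnumeratesProcesses string is copied in full, the WriteProcessMemory string is abridged to six rows), aggregates them, and flags cross-image writes. The PID-to-image map is constructed from the Processes section; the notepad.exe row used in the test is invented to show a positive hit.

```python
"""Aggregate flattened tria.ge signature rows and flag cross-image writes.

Added example; not tria.ge code. Assumes the row layouts rendered on the report page:
  "PID <src> wrote to memory of <dst> <src> <image> <procid_target>"   (WriteProcessMemory)
  "<pid> <image>"                                                       (pid/Process tables)
"""
import re
from collections import Counter
from typing import Dict, List, Tuple

# Copied from the report's WriteProcessMemory table, abridged to six rows.
WPM_SAMPLE = (
    "description pid Process procid_target "
    "PID 3500 wrote to memory of 1700 3500 msedge.exe 83 "
    "PID 3500 wrote to memory of 1700 3500 msedge.exe 83 "
    "PID 3500 wrote to memory of 2716 3500 msedge.exe 84 "
    "PID 3500 wrote to memory of 3388 3500 msedge.exe 85 "
    "PID 3500 wrote to memory of 4412 3500 msedge.exe 86 "
    "PID 3500 wrote to memory of 4412 3500 msedge.exe 86"
)
# Copied in full from the report's EnumeratesProcesses table.
ENUM_SAMPLE = (
    "pid Process 3388 msedge.exe 3388 msedge.exe 3500 msedge.exe 3500 msedge.exe "
    "2832 identity_helper.exe 2832 identity_helper.exe 2156 msedge.exe 2156 msedge.exe "
    "2156 msedge.exe 2156 msedge.exe"
)
# Constructed from the report's Processes section: target PID -> image name.
PID_IMAGES: Dict[str, str] = {
    "1700": "msedge.exe", "2716": "msedge.exe", "3388": "msedge.exe", "4412": "msedge.exe",
}

WPM_ROW = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) (?P=src) (?P<image>\S+) (?P<target>\d+)"
)
PID_ROW = re.compile(r"(?P<pid>\d+) (?P<image>\S+\.exe)")


def aggregate_wpm(blob: str) -> Counter:
    """Count WriteProcessMemory rows per (src_pid, dst_pid, src_image, procid_target)."""
    return Counter((m["src"], m["dst"], m["image"], m["target"]) for m in WPM_ROW.finditer(blob))


def aggregate_pids(blob: str) -> Counter:
    """Count rows per (pid, image) in a plain pid/Process table."""
    return Counter((m["pid"], m["image"]) for m in PID_ROW.finditer(blob))


def cross_image_writes(wpm: Counter, pid_images: Dict[str, str]) -> List[Tuple[str, str, str, str, int]]:
    """Writes whose target image is unknown or differs from the writer's image.

    A browser writing into its own freshly spawned children is expected; a write into
    another image (or into a PID the tree does not account for) is what deserves a look.
    """
    hits = []
    for (src, dst, src_image, _target), count in wpm.items():
        dst_image = pid_images.get(dst, "<unknown>")
        if dst_image != src_image:
            hits.append((src, dst, src_image, dst_image, count))
    return sorted(hits)


if __name__ == "__main__":
    wpm = aggregate_wpm(WPM_SAMPLE)
    for key, n in sorted(wpm.items()):
        print(f"{key[0]} -> {key[1]} ({key[2]}, target {key[3]}): {n} rows")
    print("cross-image writes:", cross_image_writes(wpm, PID_IMAGES))
```

Run against the report's own rows the cross-image list is empty, which is the expected result for a browser opening a local HTML file; the same code applied to a tree where the writer is msedge.exe and the target resolves to a different image would return that pair with its row count.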
Processes
Indentation shows parent and child. The image path of each entry is the executable quoted at the start of its command line; the role in parentheses is read from the --type / --utility-sub-type switches.

PID 3500  msedge.exe (browser process; opens the sample)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d1c9c63cc835a7cc122027d05e915f42_JaffaCakes118.html
  Signatures: Enumerates system info in registry; EnumeratesProcesses; NtCreateUserProcessBlockNonMicrosoftBinary; FindShellTrayWindow; SendNotifyMessage; WriteProcessMemory

  PID 1700  msedge.exe (crashpad-handler)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9d48d46f8,0x7ff9d48d4708,0x7ff9d48d4718

  PID 2716  msedge.exe (gpu-process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,10547598002037193134,13569690318277556246,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2

  PID 3388  msedge.exe (utility: network.mojom.NetworkService, --service-sandbox-type=none)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,10547598002037193134,13569690318277556246,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
    Signatures: EnumeratesProcesses

  PID 4412  msedge.exe (utility: storage.mojom.StorageService, --service-sandbox-type=utility)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,10547598002037193134,13569690318277556246,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2500 /prefetch:8

  PID 3336  msedge.exe (renderer, client id 6)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,10547598002037193134,13569690318277556246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1

  PID 220  msedge.exe (renderer, client id 5)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,10547598002037193134,13569690318277556246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

  PID 1536  identity_helper.exe (utility: winrt_app_id.mojom.WinrtAppIdService, --service-sandbox-type=none)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,10547598002037193134,13569690318277556246,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 /prefetch:8

  PID 2832  identity_helper.exe (utility: winrt_app_id.mojom.WinrtAppIdService, --service-sandbox-type=none; same command line as PID 1536)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,10547598002037193134,13569690318277556246,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 /prefetch:8
    Signatures: EnumeratesProcesses

  PID 3144  msedge.exe (renderer, client id 8)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,10547598002037193134,13569690318277556246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1

  PID 3252  msedge.exe (renderer, client id 9, --instant-process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,10547598002037193134,13569690318277556246,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1

  PID 2664  msedge.exe (renderer, client id 10)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,10547598002037193134,13569690318277556246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1

  PID 3040  msedge.exe (renderer, client id 11, --instant-process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,10547598002037193134,13569690318277556246,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1

  PID 2156  msedge.exe (gpu-process, second launch: --disable-gpu-sandbox --use-gl=disabled)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,10547598002037193134,13569690318277556246,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4804 /prefetch:2
    Signatures: EnumeratesProcesses

PID 2240  C:\Windows\System32\CompPkgSrv.exe (COM activation, top level)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 3316  C:\Windows\System32\CompPkgSrv.exe (COM activation, top level)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
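The tree above is the ordinary Edge 92 process model: one browser process, a crashpad handler, GPU, network and storage utility processes, renderers, and identity_helper. The sandbox-relevant detail sits in the switches. The network service runs with --service-sandbox-type=none (Chromium did not sandbox the network service on Windows in this release), the renderers carry --no-v8-untrusted-code-mitigations (Chromium drops V8's in-process Spectre mitigations once site isolation gives it process-level separation), and the second GPU process (2156) was relaunched with --use-gl=disabled --disable-gpu-sandbox, which is consistent with Chromium's fallback when no usable GPU acceleration is available, as in a VM. None of that is attacker activity, but an analyst reading dozens of such trees wants the weak-sandbox switches pulled out mechanically so that a genuine --no-sandbox or an unexpected unsandboxed service stands out. The Python below is an added example, not tria.ge output or Chromium code: it tokenises Windows-style command lines, recovers each process's role from --type and --utility-sub-type, and lists the switches that weaken or remove sandboxing. The five command lines are copied from the tree above with the opaque --gpu-preferences blob and the --field-trial-handle value omitted; the chrome.exe --no-sandbox line in the test is constructed.

```python
"""Report process role and sandbox posture from Chromium/Edge command lines.

Added example; not tria.ge or Chromium code. Switch names are Chromium's; the finding
texts are this example's labels.
"""
import re
from typing import Dict, List, Tuple

# Quoted tokens may contain spaces ("--user-data-dir=...\User Data"); everything else splits on whitespace.
TOKEN = re.compile(r'"[^"]*"|\S+')

# (pid, command line) pairs copied from the report's process tree, long opaque values omitted.
PROCESSES: List[Tuple[int, str]] = [
    (3500, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument '
           r'C:\Users\Admin\AppData\Local\Temp\d1c9c63cc835a7cc122027d05e915f42_JaffaCakes118.html'),
    (1700, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler '
           r'"--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 '
           r'--monitor-self-annotation=ptype=crashpad-handler'),
    (3388, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility '
           r'--utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none '
           r'--mojo-platform-channel-handle=2272 /prefetch:3'),
    (3336, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US '
           r'--disable-client-side-phishing-detection --renderer-client-id=6 '
           r'--no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1'),
    (2156, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process '
           r'--disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 '
           r'--mojo-platform-channel-handle=4804 /prefetch:2'),
]


def parse_cmdline(cmd: str) -> Dict[str, object]:
    """Split a Windows command line into exe, --switches (name -> value, "" if bare) and positionals."""
    tokens = [t.strip('"') for t in TOKEN.findall(cmd)]
    switches: Dict[str, str] = {}
    positional: List[str] = []
    for tok in tokens[1:]:
        if tok.startswith("--"):
            name, _, value = tok[2:].partition("=")   # split on the first '=' only
            switches[name] = value
        else:
            positional.append(tok)                   # e.g. /prefetch:N or the opened file
    return {"exe": tokens[0], "switches": switches, "positional": positional}


def process_role(parsed: Dict[str, object]) -> str:
    """Chromium's browser process has no --type; children declare one, utilities add a sub-type."""
    sw = parsed["switches"]
    ptype = sw.get("type", "browser")
    sub = sw.get("utility-sub-type")
    return f"{ptype}:{sub}" if sub else ptype


def sandbox_findings(parsed: Dict[str, object]) -> List[str]:
    """Switches that weaken or remove sandboxing, most severe first."""
    sw = parsed["switches"]
    out: List[str] = []
    if "no-sandbox" in sw:
        out.append("all sandboxing disabled (--no-sandbox)")
    if "disable-gpu-sandbox" in sw:
        out.append("GPU sandbox disabled (--disable-gpu-sandbox)")
    if sw.get("service-sandbox-type") == "none":
        out.append("utility service unsandboxed (--service-sandbox-type=none)")
    if "no-v8-untrusted-code-mitigations" in sw:
        out.append("V8 untrusted-code mitigations off (expected alongside site isolation)")
    return out


def summarize(processes: List[Tuple[int, str]]) -> List[Tuple[int, str, List[str]]]:
    return [(pid, process_role(p), sandbox_findings(p))
            for pid, cmd in processes for p in [parse_cmdline(cmd)]]


def unsandboxed(processes: List[Tuple[int, str]]) -> List[int]:
    """PIDs whose command line shows a sandbox weakened or disabled (V8 mitigations alone do not count)."""
    return [pid for pid, _, findings in summarize(processes)
            if any("sandbox" in f for f in findings)]


if __name__ == "__main__":
    for pid, role, findings in summarize(PROCESSES):
        print(f"{pid:>5}  {role:<40} {'; '.join(findings) or '-'}")
    print("weakened sandbox:", unsandboxed(PROCESSES))
```

On the report's tree the weakened-sandbox list is [3388, 2156], both explained by the release's defaults and the VM's lack of GPU; the same function returns a renderer PID the moment --no-sandbox appears on its command line, which is the case worth escalating.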
Network
MITRE ATT&CK Enterprise v15
Downloads
Seven dropped files; the page shows sizes and hashes only, no file names.

- Filesize: 152B
  - MD5: eeaa8087eba2f63f31e599f6a7b46ef4
  - SHA1: f639519deee0766a39cfe258d2ac48e3a9d5ac03
  - SHA256: 50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9
  - SHA512: eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c
- Filesize: 152B
  - MD5: b9569e123772ae290f9bac07e0d31748
  - SHA1: 5806ed9b301d4178a959b26d7b7ccf2c0abc6741
  - SHA256: 20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b
  - SHA512: cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795
- Filesize: 783B
  - MD5: d7112c664844556ccd9c944a6b390644
  - SHA1: 7af1080e66dddd0c5024bb073c6edb7aae9eb89d
  - SHA256: 1737b9dadb4862056b2c3db22ea7c9e263d3551b6de8285349e08b0632b4b38b
  - SHA512: 937f37e6758d88efa5fca9b7371f9851afab205dd674a2d1bc4c172e040eea0647965e4275db04e554bf674b9cc81da6746ef340482e21d0a1dae15605be088d
- Filesize: 5KB
  - MD5: e56722d0d488b672e068de976103903d
  - SHA1: e93dd0730a30d3a96e1cdf2b976ea15e78d99f63
  - SHA256: 0a000f0571eb9f87a927963d12f427e1bd27a9819b440215950f3d750435ef8e
  - SHA512: 95b4b6634eb1b350d04538cbbf1c2f58d668ae34461f554d858a15279e6ad4339eceed9b17ec1fa4befba5b34ed93f7c83aaf5227d436969a2204c61c5387c87
- Filesize: 6KB
  - MD5: 68d658baf141d392d54050b0715bed25
  - SHA1: 169ed7ff0126f360ec22ded61e5bd2d31a9a4a06
  - SHA256: f467d4f22bc062217818f1600003f5c9845fa1d43dc95414843292edfe3197c4
  - SHA512: f8bb541868adf61317b09e1895fe3c42ea50d19699a54c2ec5a3849015c10cfda75ca4e1fe4c227cfc1163ee343875d51553eb2e94d11ca00c0aa8ae6ab26ad0
- Filesize: 16B
  - MD5: 6752a1d65b201c13b62ea44016eb221f
  - SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  - SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  - SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 10KB
  - MD5: 6af412109ddc0614a70e43b79063b024
  - SHA1: 6de450060287e32b553157e1bb0b053ee5ac7a43
  - SHA256: 6f55e8111e78761aa6b5e034964f42ac170ba5d59e752f8a1c28ee2a8d318498
  - SHA512: b206ebaeff3d4bbdaa843ff3180dc4fba55325404b44eba678ffab1e20e7652754663a410c2f3a14273c6eac453be0f31fc140130f68abe2b268a19d16de4b9e