Analysis
- max time kernel: 145s
- max time network: 147s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 07/09/2024, 12:01

Static task
- static1

Behavioral task
- behavioral1
  - Sample: d1e2ae19d631e7d13d2fb809ed328066_JaffaCakes118.html
  - Resource: win7-20240903-en

Behavioral task
- behavioral2
  - Sample: d1e2ae19d631e7d13d2fb809ed328066_JaffaCakes118.html
  - Resource: win10v2004-20240802-en
General
- Target: d1e2ae19d631e7d13d2fb809ed328066_JaffaCakes118.html
- Size: 213KB
- MD5: d1e2ae19d631e7d13d2fb809ed328066
- SHA1: b204f378006984e789095eb7d7d2d416c073bf2d
- SHA256: 98fc8f9f59e6a5a89f729706b3a83241faab040c1a56934e3b2eaefd2f9da746
- SHA512: 20b63e57d34446c742cfb2ffcad8bf6dd6302ead3267286042142f0ce331b50a98ae77fd255eaa775bf08eaf49339108a46755ef9948f10c6765d60229bec5ea
- SSDEEP: 3072:SGSd/xvylowyfkMY+BES09JXAnyrZalI+YQ:SGsxtsMYod+X3oI+YQ
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  - PID 3628 msedge.exe
  - PID 3628 msedge.exe
  - PID 768 msedge.exe
  - PID 768 msedge.exe
  - PID 4200 msedge.exe
  - PID 4200 msedge.exe
  - PID 4200 msedge.exe
  - PID 4200 msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  - PID 768 msedge.exe
  - PID 768 msedge.exe
- Suspicious use of FindShellTrayWindow (25 IoCs; every entry is PID 768 msedge.exe)
- Suspicious use of SendNotifyMessage (24 IoCs; every entry is PID 768 msedge.exe)
- Suspicious use of WriteProcessMemory (64 IoCs; every entry is PID 768 msedge.exe writing to the memory of one of its child processes)
  - target PID 5092 (procid_target 83)
  - target PID 3916 (procid_target 84)
  - target PID 3628 (procid_target 85)
  - target PID 4520 (procid_target 86)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 768)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d1e2ae19d631e7d13d2fb809ed328066_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5092)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffeed946f8,0x7fffeed94708,0x7fffeed94718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3916)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,10036194188638049111,17206815533576482141,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2016 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3628)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,10036194188638049111,17206815533576482141,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4520)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,10036194188638049111,17206815533576482141,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2148 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2392)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,10036194188638049111,17206815533576482141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3052)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,10036194188638049111,17206815533576482141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4200)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,10036194188638049111,17206815533576482141,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1840 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 4484)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 4316)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads