Analysis
max time kernel:  145s
max time network: 149s
platform:         windows10-2004_x64
resource:         win10v2004-20240802-en
resource tags:    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted:        08/09/2024, 21:49
Static task: static1

Behavioral task: behavioral1
  Sample:   d5253dfb2fb36f5996f781726b83b98c_JaffaCakes118.html
  Resource: win7-20240903-en

Behavioral task: behavioral2
  Sample:   d5253dfb2fb36f5996f781726b83b98c_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General
Target: d5253dfb2fb36f5996f781726b83b98c_JaffaCakes118.html
Size:   27KB
MD5:    d5253dfb2fb36f5996f781726b83b98c
SHA1:   263baae692be49d98e6348cadafe3e9ad686ff3e
SHA256: aa1c5c127694e831e908a52a595c2c553d58088b206c83db14241ff8c109a442
SHA512: 8c5fae90265c2be4e4b04802698847391a906bbb84e96d1982504d9d22280aa3fef5b6b08050bead3c398aa291c20fdb5a5cfef664c4fe12f5847d7bdf67eb64
SSDEEP: 192:uwLkb5n9CnQjxn5Q/0nQiePNninQOkEntM+nQTbn1nQ9enjm6ufxrQl7MBvqnYne:UQ/ECFWxyS9WnB
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                    process
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs; hits = repeated identical IoC entries)
pid   process              hits
1876  msedge.exe           2
3196  msedge.exe           2
2736  identity_helper.exe  2
3668  msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid   process     hits
3196  msedge.exe  6

Suspicious use of FindShellTrayWindow (25 IoCs)
pid   process     hits
3196  msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
pid   process     hits
3196  msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs)
description                        pid   process     procid_target  hits
PID 3196 wrote to memory of 1360   3196  msedge.exe  83             2
PID 3196 wrote to memory of 3024   3196  msedge.exe  84             40
PID 3196 wrote to memory of 1876   3196  msedge.exe  85             2
PID 3196 wrote to memory of 1688   3196  msedge.exe  86             20
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3196)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d5253dfb2fb36f5996f781726b83b98c_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1360, child of 3196)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8e0d346f8,0x7ff8e0d34708,0x7ff8e0d34718

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3024, child of 3196)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,16778143903657355479,3826510527137182295,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1876, child of 3196)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,16778143903657355479,3826510527137182295,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1688, child of 3196)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,16778143903657355479,3826510527137182295,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1588, child of 3196)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16778143903657355479,3826510527137182295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1584, child of 3196)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16778143903657355479,3826510527137182295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (PID 2168, child of 3196)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,16778143903657355479,3826510527137182295,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (PID 2736, child of 3196)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,16778143903657355479,3826510527137182295,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4716, child of 3196)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16778143903657355479,3826510527137182295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2828, child of 3196)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16778143903657355479,3826510527137182295,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2308 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3564, child of 3196)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16778143903657355479,3826510527137182295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2068, child of 3196)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16778143903657355479,3826510527137182295,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3668, child of 3196)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,16778143903657355479,3826510527137182295,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3144 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe  (PID 2432)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe  (PID 316)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
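Everything the signature list flags is attributable to Microsoft Edge opening the HTML target rather than to the sample: the BIOS registry reads come from msedge.exe, and every WriteProcessMemory IoC has the browser process (PID 3196) as writer and one of its own freshly spawned children (1360, 3024, 1876, 1688) as target, which is what the Chromium sandbox broker does when it launches a child. The script below is an added triage example and is not part of the tria.ge report. It reconstructs the tree and the IoC counts from the report above (command lines abridged to the flags that matter, counts taken from the signature tables) and runs the two checks a reviewer wants before closing a browser-only report: which children run with a Chromium sandbox switched off, and whether any memory write crosses outside the writer's own children, which is where real injection would show up. The flag regex, the function names and the abridged command lines are this example's own.

```python
import re
from collections import Counter

# Constructed from the report's process tree: (pid, parent pid, abridged command line).
# The Chromium flags relevant to sandboxing are kept verbatim; the long --gpu-preferences
# blobs are dropped. The two CompPkgSrv.exe processes have no parent in the tree (None).
EDGE = r'C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe'
HELPER = r'C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe'
PROCESSES = [
    (3196, None, rf'"{EDGE}" --single-argument C:\Users\Admin\AppData\Local\Temp\d5253dfb2fb36f5996f781726b83b98c_JaffaCakes118.html'),
    (1360, 3196, rf'"{EDGE}" --type=crashpad-handler --annotation=plat=Win64 --annotation=ver=92.0.902.67'),
    (3024, 3196, rf'"{EDGE}" --type=gpu-process --mojo-platform-channel-handle=2216 /prefetch:2'),
    (1876, 3196, rf'"{EDGE}" --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none'),
    (1688, 3196, rf'"{EDGE}" --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility'),
    (1588, 3196, rf'"{EDGE}" --type=renderer --renderer-client-id=6 --no-v8-untrusted-code-mitigations'),
    (1584, 3196, rf'"{EDGE}" --type=renderer --renderer-client-id=5 --no-v8-untrusted-code-mitigations'),
    (2168, 3196, rf'"{HELPER}" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none'),
    (2736, 3196, rf'"{HELPER}" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none'),
    (4716, 3196, rf'"{EDGE}" --type=renderer --renderer-client-id=8 --no-v8-untrusted-code-mitigations'),
    (2828, 3196, rf'"{EDGE}" --type=renderer --instant-process --renderer-client-id=9 --no-v8-untrusted-code-mitigations'),
    (3564, 3196, rf'"{EDGE}" --type=renderer --renderer-client-id=10 --no-v8-untrusted-code-mitigations'),
    (2068, 3196, rf'"{EDGE}" --type=renderer --instant-process --renderer-client-id=11 --no-v8-untrusted-code-mitigations'),
    (3668, 3196, rf'"{EDGE}" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-driver-version=10.0.19041.546'),
    (2432, None, r'C:\Windows\System32\CompPkgSrv.exe -Embedding'),
    (316, None, r'C:\Windows\System32\CompPkgSrv.exe -Embedding'),
]

# The 64 "Suspicious use of WriteProcessMemory" IoCs from the report, collapsed to
# (writer pid, target pid) -> number of identical entries.
MEMORY_WRITES = Counter({(3196, 1360): 2, (3196, 3024): 40, (3196, 1876): 2, (3196, 1688): 20})

# Matches --flag or --flag=value in a Chromium command line (quoted paths are not needed here).
FLAG_RE = re.compile(r'--([a-z0-9-]+)(?:=([^\s"]+))?')


def parse_chromium_flags(cmdline):
    """Return {flag: value} for every --flag[=value]; a bare flag maps to True."""
    return {name: (value if value else True) for name, value in FLAG_RE.findall(cmdline)}


def role(cmdline):
    """Name a process by its Chromium --type (plus --utility-sub-type for utilities)."""
    flags = parse_chromium_flags(cmdline)
    kind = flags.get('type')
    if kind is None or kind is True:
        # No --type: the browser (main) process, or something that is not Chromium at all.
        return 'browser' if 'msedge.exe' in cmdline.lower() else 'other'
    sub = flags.get('utility-sub-type')
    return f'{kind}:{sub}' if isinstance(sub, str) else kind


def sandbox_findings(processes):
    """List (pid, role, reason) for children whose Chromium sandbox is off or weakened."""
    findings = []
    for pid, _parent, cmd in processes:
        flags = parse_chromium_flags(cmd)
        if flags.get('service-sandbox-type') == 'none':
            findings.append((pid, role(cmd), 'service-sandbox-type=none'))
        if 'disable-gpu-sandbox' in flags:
            findings.append((pid, role(cmd), 'disable-gpu-sandbox'))
        if 'no-v8-untrusted-code-mitigations' in flags:
            # Chromium passes this to renderers when it relies on site isolation instead of
            # V8's in-process Spectre mitigations; record it, do not treat it as malicious.
            findings.append((pid, role(cmd), 'no-v8-untrusted-code-mitigations'))
    return findings


def classify_memory_writes(processes, writes):
    """Split WriteProcessMemory IoCs into writes to the writer's own direct children
    (normal child launch) and writes into any other process (injection candidate)."""
    parent_of = {pid: parent for pid, parent, _ in processes}
    own_child, foreign = Counter(), Counter()
    for (writer, target), n in writes.items():
        bucket = own_child if parent_of.get(target) == writer else foreign
        bucket[(writer, target)] += n
    return own_child, foreign


if __name__ == '__main__':
    for pid, parent, cmd in PROCESSES:
        print(f'{pid:>5}  parent={str(parent):>5}  {role(cmd)}')
    for pid, what, why in sandbox_findings(PROCESSES):
        print(f'sandbox: pid {pid} ({what}) {why}')
    own, foreign = classify_memory_writes(PROCESSES, MEMORY_WRITES)
    print(f'writes into own children: {sum(own.values())}, into other processes: {sum(foreign.values())}')
```

On this report the second check returns no foreign writes, so the 64 IoCs are all parent-to-child launch traffic; the first check lists the network service and both identity_helper instances running with the service sandbox off, the second gpu-process with --disable-gpu-sandbox (paired with --use-gl=disabled, as expected in a VM without a usable GPU), and every renderer with the V8 mitigation flag. Those are configuration facts to record, not findings against the sample. A PID in the writes that did not resolve to a child of the writer, or a --type value the tree does not explain, would be the point to pivot to a memory dump.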
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5:    eeaa8087eba2f63f31e599f6a7b46ef4
SHA1:   f639519deee0766a39cfe258d2ac48e3a9d5ac03
SHA256: 50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9
SHA512: eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Filesize: 152B
MD5:    b9569e123772ae290f9bac07e0d31748
SHA1:   5806ed9b301d4178a959b26d7b7ccf2c0abc6741
SHA256: 20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b
SHA512: cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Filesize: 6KB
MD5:    4bd10ab67d4599745497d1353b3742bd
SHA1:   d79c180749d0ac14b491624b6be51c8789649077
SHA256: 0d3a8c24767d24ac3484bf9b8e65f10380a1da1e647ab2bbb429a65bb6acab48
SHA512: aad5e246b5abae22046647029d6a2cb78ec177f642b7da67a13350a3ad8557c24dbe4014483c281125ec3cd57aafd35f1d13a645673f9fa8feaff8e0f1c396d6

Filesize: 5KB
MD5:    0b3436fd904eddc525368d80cd4884b8
SHA1:   64fe4b7df9dc8cce44b4565b8436be2881b994ba
SHA256: 020c14d7f3ed46cf691eb1a480c0e4380c268d5054d6d0667bab0a146c9cb6c6
SHA512: 350897aef28feb994d3dd7415392ae7ac3c0f7b6e0b4d3bce55140e062129e55a5bc24ba54b8433c54aac5855440b5c2e53eb0ceaf727411473a30947830481a

Filesize: 16B
MD5:    6752a1d65b201c13b62ea44016eb221f
SHA1:   58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 10KB
MD5:    f5873f1a07c253f6f01d54f2d51d5a49
SHA1:   89168ee7b9e39f3be2102ce4132a75d0f3040b91
SHA256: cecd3a788e5a7de0b387f945e238a745e8d06f67f5a2e88ebae8b7b91ff7ff07
SHA512: 92a05a68b1ce2a645bfcf1982536a4c1af746ee5c21d5dff4557decb623d9505cfa5a3094cca96a62a4879f45ebe1ead13173ee1d09bfb484a7cd4bf13eacce6