Analysis
- max time kernel: 145s
- max time network: 144s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 08/09/2024, 00:49
Static task: static1
Behavioral task: behavioral1
- Sample: d32ce123fc43edfa8b8156586e6eff98_JaffaCakes118.html
- Resource: win7-20240708-en
Behavioral task: behavioral2
- Sample: d32ce123fc43edfa8b8156586e6eff98_JaffaCakes118.html
- Resource: win10v2004-20240802-en
General
- Target: d32ce123fc43edfa8b8156586e6eff98_JaffaCakes118.html
- Size: 17KB
- MD5: d32ce123fc43edfa8b8156586e6eff98
- SHA1: 1a74093ef36bd68f2cc8be02f433dd9378724eee
- SHA256: 4bebddfecfd9763de8d0c64ebfc7a12cef2ba5c304f0075513384d5a93c16044
- SHA512: aa3330e1f36ce737941736fc5c4b9ce8f24cdd43dbcbe231968e5e6a4eae1d8ef0956eb0898e4ab35ac2d1f603faddd0d3fdbc272b7a1b11bc367e36a1d3b4a9
- SSDEEP: 384:kclE6RLWqZ/jIBlfFupTKsIACsXTQRl8fdKtwoZqWY:kA9jxjIjfFuD2sXUn8geoZdY
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  2256 | msedge.exe (2 entries)
  4740 | msedge.exe (2 entries)
  3664 | identity_helper.exe (2 entries)
  2476 | msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid | Process
  4740 | msedge.exe (6 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  4740 | msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  4740 | msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 4740 wrote to memory of 4420 | 4740 | msedge.exe | 86 (2 entries)
  PID 4740 wrote to memory of 2456 | 4740 | msedge.exe | 87 (40 entries)
  PID 4740 wrote to memory of 2256 | 4740 | msedge.exe | 88 (2 entries)
  PID 4740 wrote to memory of 4828 | 4740 | msedge.exe | 89 (20 entries)
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d32ce123fc43edfa8b8156586e6eff98_JaffaCakes118.html
  PID: 4740
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb979446f8,0x7ffb97944708,0x7ffb97944718
    PID: 4420
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,11920504455672411534,3369932052079670191,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
    PID: 2456
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,11920504455672411534,3369932052079670191,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
    PID: 2256
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,11920504455672411534,3369932052079670191,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
    PID: 4828
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11920504455672411534,3369932052079670191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
    PID: 1540
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11920504455672411534,3369932052079670191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
    PID: 3972
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,11920504455672411534,3369932052079670191,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6036 /prefetch:8
    PID: 2808
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,11920504455672411534,3369932052079670191,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6036 /prefetch:8
    PID: 3664
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11920504455672411534,3369932052079670191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2864 /prefetch:1
    PID: 4728
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11920504455672411534,3369932052079670191,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
    PID: 2864
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11920504455672411534,3369932052079670191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
    PID: 2316
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11920504455672411534,3369932052079670191,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
    PID: 1224
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,11920504455672411534,3369932052079670191,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6120 /prefetch:2
    PID: 2476
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2560
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2668
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: eeaa8087eba2f63f31e599f6a7b46ef4
  SHA1: f639519deee0766a39cfe258d2ac48e3a9d5ac03
  SHA256: 50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9
  SHA512: eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c
- Filesize: 152B
  MD5: b9569e123772ae290f9bac07e0d31748
  SHA1: 5806ed9b301d4178a959b26d7b7ccf2c0abc6741
  SHA256: 20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b
  SHA512: cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795
- Filesize: 189B
  MD5: efd079652ad21c50d69ad30ccf61a40d
  SHA1: 000bc74057bb6ab42d2a160349e1597edb211bc2
  SHA256: 045646bc1a87f1ce57c87ba8a6ed5332e36f71e667ac712be1df2fef80385f8f
  SHA512: 35f643af8bb12bb445e3e6ce7577376dc69010ddf8d7e76752d703cb50f091bdeb9947b9718baa6e9e286d69df19a794522e446f29d58dc26dfea571045f51ab
- Filesize: 6KB
  MD5: c3d428839a2c7034ee8fbcbc62dcbef3
  SHA1: e88eed93588efbb47eada9916cc8863f522c9471
  SHA256: 4cf601bd0aa991bd60826177895b8be5949a6e83eb5cb7b351e3108e28b95758
  SHA512: 7059750114b907a67bcaaf7eb19bae974252a17d1abff2905fb82282eb6457876b29bdf46ae5edf5a7c768acd79edbf6ea6505a1d80e1494b6ab110abd8a3eaf
- Filesize: 6KB
  MD5: 513fa93785efca81812f9a21e43c0583
  SHA1: 6cbe98769fcf4cd8d4a696414e0360f54d126e95
  SHA256: fb02a7c1748c22f317540ac533b4ec8fc039e7bde32ac19c778140dd7a2bab63
  SHA512: 9f5a6ea80acffb605f5f3f528239e2efec7d1ac0ece21ceea4574d8fa31792c52bdf455945d3981b020b6c70ece6205c2fefb745205ed485068b065871acbda8
- Filesize: 6KB
  MD5: 052ecb4ce0fb75fdafbae723073619ad
  SHA1: 6f4a73c27f0ceb8590fc1e253d4fec84ecc80a96
  SHA256: af0e904f98d6b90312389e7bd036f69f2f1ab746397e2a845943959a3af360af
  SHA512: 7704060912070d62e7a93c5a13f0b0f2b901ee5a11a55f5f59d08aab62cf96ee4f4fb23bc8f5b01a3b547d0892bb0154a752fabb18f6dc4aa7d8c40aa4791138
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 10KB
  MD5: dbe36565d5efee61bb1ae3ce243cc3cd
  SHA1: 4e0f3684f70d487caa8c52e58edbfa5bf597f5f0
  SHA256: bc8dc007f098d29cb685b612bcf3fffac4c591e6c21ccc88c54ec44a236e402c
  SHA512: 24e9d2153a633604a66f63c529126eab5ae7ca837d9e2b4447f72ed65ca89465a9c58c6fa6e3b74e49e13529f5690a4fbac59593bf87ac50c432acb3a9b03433