Analysis
max time kernel: 150s
max time network: 154s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 08/09/2024, 08:59
Static task: static1
Behavioral task: behavioral1 (sample: d3fd85b53d1c6cb33ac7ba0675668642_JaffaCakes118.html; resource: win7-20240708-en)
Behavioral task: behavioral2 (sample: d3fd85b53d1c6cb33ac7ba0675668642_JaffaCakes118.html; resource: win10v2004-20240802-en)
General
Target: d3fd85b53d1c6cb33ac7ba0675668642_JaffaCakes118.html
Size: 383KB
MD5: d3fd85b53d1c6cb33ac7ba0675668642
SHA1: 1548d0f43ec510be2e501b0c3d292f434a217c66
SHA256: 2749438fdfa1d7cc301c5156a783c0e5b44f9eff14f40c7d1d70505a45037a6c
SHA512: 01f739eca24efc9b57ac2043f832776df24a2a894014e585490d7f3a4036402a558c6a8891c661ee310a5159edeba6ae7b2a06265f54371104bf3905d908c26f
SSDEEP: 6144:jmPlJTKJJzaQ3JYmMFSDlY3Q4Wp29xix8WLXaCy3DCSTooI6xDSwxDu4Ha6bDXRy:C9caYXZ4Wp29xixbXaCy3DCSToojDxD4
Malware Config
Signatures
(Identical rows of each IoC table are grouped; the last column gives the number of occurrences.)

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                   Process     rows
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe  1
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe  1
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  msedge.exe  1

Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid    Process     rows
  2584   msedge.exe  2
  208    msedge.exe  2
  3560   msedge.exe  4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
  pid    Process     rows
  208    msedge.exe  4

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid    Process     rows
  208    msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid    Process     rows
  208    msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs)
  description                        pid   Process     procid_target  rows
  PID 208 wrote to memory of 4424    208   msedge.exe  83             2
  PID 208 wrote to memory of 3060    208   msedge.exe  84             39
  PID 208 wrote to memory of 2584    208   msedge.exe  85             2
  PID 208 wrote to memory of 1072    208   msedge.exe  86             21
Processes
(Process tree; indentation shows the parent/child level shown in the report.)

[PID 208] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d3fd85b53d1c6cb33ac7ba0675668642_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  [PID 4424] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa2e9046f8,0x7ffa2e904708,0x7ffa2e904718

  [PID 3060] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,6181662557113522428,4368541608309685001,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2

  [PID 2584] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,6181662557113522428,4368541608309685001,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  [PID 1072] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,6181662557113522428,4368541608309685001,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8

  [PID 4452] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6181662557113522428,4368541608309685001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1

  [PID 3616] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6181662557113522428,4368541608309685001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1

  [PID 3580] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6181662557113522428,4368541608309685001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1

  [PID 1080] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6181662557113522428,4368541608309685001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1

  [PID 3560] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,6181662557113522428,4368541608309685001,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5204 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

[PID 1692] C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

[PID 4728] C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 152B
MD5: f9664c896e19205022c094d725f820b6
SHA1: f8f1baf648df755ba64b412d512446baf88c0184
SHA256: 7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e
SHA512: 3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Filesize: 152B
MD5: 847d47008dbea51cb1732d54861ba9c9
SHA1: f2099242027dccb88d6f05760b57f7c89d926c0d
SHA256: 10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1
SHA512: bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Filesize: 6KB
MD5: f18e6b8c4d5e34617cececec16f1a309
SHA1: 5cc4cd065b6a136cab2071376d3904f77a8deeb7
SHA256: 0cb658c967b449775615e6f3fc8e250b017a3f61093dbf07d5ad105a1e5e2611
SHA512: 3149c5ae0a9820061eb25347d29a20ddac529c16a00f9706f152290928685ebac7977785e030898f98e5d76b963d44a6e4c4eac99f249824ebc42aff75d4680b

Filesize: 5KB
MD5: ff11b98f09d74f9b43be13ee7225ea35
SHA1: bf74dabaa2f5d7f313d101e0a7f5949716f99628
SHA256: b72fc95a22f3d3a780d858384fe1c9754a4b30d754e37e5750971594966940ba
SHA512: af8602165598892b9ffe4409ca500df497d7a1205c73c42fe4c52b85586c85a055674304e9ec9a3bb6ec0b57040f523058a2a499c53fff2de6209ccea439da09

Filesize: 6KB
MD5: e057065d1bf7b54c8822771379bda691
SHA1: 7bd5e38ec5129d6ebc425eca29c7d98181be89c6
SHA256: ae81aaf56da4adfe849743d0459c4d3a639dfff0144712ac36cf9944db265320
SHA512: 39a4979cca66a87851c4ecbb93bc64c5fabf0c6cc7d9a072170272b1f7541c9f7f38c0b81634342362e22dc2d907d15abc638714fde06bb3047766dd72813ca5

Filesize: 10KB
MD5: cf5d68d4831edeee89f194d5f834b661
SHA1: c79af97ab2be80c5e995745327ac290db02fe8f6
SHA256: 2bc0ba03479b82ed9e73b8a828b66361a39c0d78e7b0cf9bcac555ecb09d5fe7
SHA512: d5f398ef124f5e96b298b4f4647f9e9db812fdded08bbcfbd41a26d607980893f110179c621e9518592e8f593aefabb556c9cc839d4ff349d753ecfaec339aa7