Analysis
max time kernel: 145s
max time network: 142s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 08/09/2024, 17:26
Static task: static1
Behavioral task: behavioral1
  Sample: d4e28261e1a397ff643deb23ce3bdd19_JaffaCakes118.html
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: d4e28261e1a397ff643deb23ce3bdd19_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General
Target: d4e28261e1a397ff643deb23ce3bdd19_JaffaCakes118.html
Size: 52KB
MD5: d4e28261e1a397ff643deb23ce3bdd19
SHA1: 71e0e97d2061cfbd5e1c62dcc1c363f24bee5508
SHA256: be70e2eae24cfd186aab9ef16f1ffafd27f55759595bb9b9f94f3d9abfe2b5ee
SHA512: 3cac1fe0783bde80d82858a772e0631ad57b4cbb502cf48abac63619c4da46242c2f5fea0a2586c14403a8006be89e854febbdcb108b72d902b4debd905d120b
SSDEEP: 1536:4BaS6+jImq5RRppqqddiiHH95OFH3LhsotbDdXbLM:iaS6+i4FH3lsotbDdXbLM
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                    Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid   Process
1628  msedge.exe
1628  msedge.exe
2104  msedge.exe
2104  msedge.exe
1788  identity_helper.exe
1788  identity_helper.exe
1656  msedge.exe
1656  msedge.exe
1656  msedge.exe
1656  msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid   Process
2104  msedge.exe
2104  msedge.exe
2104  msedge.exe
2104  msedge.exe
2104  msedge.exe
2104  msedge.exe
Suspicious use of FindShellTrayWindow (25 IoCs, all pid 2104 msedge.exe)
Suspicious use of SendNotifyMessage (24 IoCs, all pid 2104 msedge.exe)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d4e28261e1a397ff643deb23ce3bdd19_JaffaCakes118.html
  PID: 2104
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff87df646f8,0x7ff87df64708,0x7ff87df64718
    PID: 968
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,1157299782212448160,5326935723835774090,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
    PID: 1236
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,1157299782212448160,5326935723835774090,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2532 /prefetch:3
    PID: 1628
    - Suspicious behavior: EnumeratesProcesses
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,1157299782212448160,5326935723835774090,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
    PID: 2164
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,1157299782212448160,5326935723835774090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
    PID: 2828
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,1157299782212448160,5326935723835774090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
    PID: 1312
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,1157299782212448160,5326935723835774090,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
    PID: 3592
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,1157299782212448160,5326935723835774090,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
    PID: 1788
    - Suspicious behavior: EnumeratesProcesses
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,1157299782212448160,5326935723835774090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
    PID: 1156
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,1157299782212448160,5326935723835774090,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
    PID: 4156
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,1157299782212448160,5326935723835774090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
    PID: 4252
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,1157299782212448160,5326935723835774090,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2336 /prefetch:1
    PID: 4008
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,1157299782212448160,5326935723835774090,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3444 /prefetch:2
    PID: 1656
    - Suspicious behavior: EnumeratesProcesses
C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1400
C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 8
Network
MITRE ATT&CK Enterprise v15
Downloads