Analysis
max time kernel: 145s
max time network: 137s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09/09/2024, 22:44
Static task: static1
Behavioral task: behavioral1
  Sample: d736ca57c4ee9b02d4749caceddd2e77_JaffaCakes118.html
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: d736ca57c4ee9b02d4749caceddd2e77_JaffaCakes118.html
  Resource: win10v2004-20240802-en
The Analysis, Signatures, Processes and Downloads data on this page come from behavioral2: its resource (win10v2004-20240802-en) is the one named in the Analysis block above, and every process in the tree runs from the Windows 10 image.
General
Target: d736ca57c4ee9b02d4749caceddd2e77_JaffaCakes118.html
Size: 4KB
MD5: d736ca57c4ee9b02d4749caceddd2e77
SHA1: 38091dff7680d83f7def318d3999e8fd0fec5199
SHA256: 8870051dd989357b7afc06e96b826de28cfcde3b5f2316f6a921b596999452bf
SHA512: cc81b9218ce349780bb49d64cd3744c7e0b4f1fba41d7bcbb300cc0a390d731fc95d63f024585bcfd041fbdcb3e6a07a3efb21538fc5dcadcdac2eef8421c63b
SSDEEP: 96:Pk7yJozTGknaEFHVKDZTBJl7sNjtXATIQFMA5e3fhrvDJUgwa71D5iJ8oWf0zqd:Pk7yY1aEFHVKtF37sNjtXATIQFM93pDT
Malware Config
Signatures
Every signature below fires on the Microsoft Edge process tree that the sandbox used to open the HTML sample (the parent msedge.exe, PID 3264, and the child processes it spawned), not on any process the sample started. A Chromium-based browser commonly reads the BIOS manufacturer and product-name registry values, writes into its children's memory while launching them, applies the block-non-Microsoft-binaries process mitigation to its sandboxed children, and uses the shell tray window during normal operation, so these hits describe the browser rather than the page content. Whether the HTML itself is malicious has to be judged from the sample, the Network section and the dropped files, none of which shows anything beyond the browser's own activity here.

Enumerates system info in registry (2 TTPs, 3 IoCs)
description         ioc                                                                    Process
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid    Process               rows
2588   msedge.exe            2
3264   msedge.exe            2
1880   identity_helper.exe   2
2228   msedge.exe            4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid    Process      rows
3264   msedge.exe   6

Suspicious use of FindShellTrayWindow (25 IoCs)
pid    Process      rows
3264   msedge.exe   25

Suspicious use of SendNotifyMessage (24 IoCs)
pid    Process      rows
3264   msedge.exe   24

Suspicious use of WriteProcessMemory (64 IoCs)
All 64 rows have the same source process, 3264 msedge.exe; the table is grouped by target PID (procid_target is the report's own index for the target process).
description                          pid    Process      procid_target   rows
PID 3264 wrote to memory of 5080     3264   msedge.exe   83              2
PID 3264 wrote to memory of 1068     3264   msedge.exe   84              most of the remaining rows
PID 3264 wrote to memory of 2588     3264   msedge.exe   85              2
PID 3264 wrote to memory of 4084     3264   msedge.exe   86              the rest
The targets are the crashpad handler (5080), the first GPU process (1068), the network service (2588) and the storage service (4084) listed under Processes; the remaining 60 rows are split between 1068 and 4084.
Processes
Each entry gives the image path, the PID, the full command line and the signatures that matched on that process; indented entries are children of the entry above them. The crashpad annotations on the first child identify the browser as Microsoft Edge 92.0.902.67 (Chromium 92.0.4515.131), a mid-2021 build, so the rendering and behaviour of this HTML in a current browser may differ.

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3264)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d736ca57c4ee9b02d4749caceddd2e77_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 5080)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff381446f8,0x7fff38144708,0x7fff38144718

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1068)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,6484868913669967732,11106511458810601425,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2588)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,6484868913669967732,11106511458810601425,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4084)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,6484868913669967732,11106511458810601425,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4032)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6484868913669967732,11106511458810601425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 432)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6484868913669967732,11106511458810601425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (PID 4232)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,6484868913669967732,11106511458810601425,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8

  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (PID 1880)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,6484868913669967732,11106511458810601425,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4400)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6484868913669967732,11106511458810601425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4388)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6484868913669967732,11106511458810601425,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3308)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6484868913669967732,11106511458810601425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 408)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6484868913669967732,11106511458810601425,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2228)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,6484868913669967732,11106511458810601425,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses

- C:\Windows\System32\CompPkgSrv.exe  (PID 3184)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

- C:\Windows\System32\CompPkgSrv.exe  (PID 1892)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
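When the sample is an HTML file, the interesting question for the process tree above is not which processes exist but which of them a page could reach without going through the Chromium sandbox. Chromium encodes that on the command line: --service-sandbox-type=none, --no-sandbox and --disable-gpu-sandbox mean a child runs unsandboxed, renderers and GPU processes are sandboxed by default, and the browser process and crashpad handler are not sandbox targets at all. The script below is an added example (not tria.ge's code and not part of the original report): it parses entries in the flattened "image path, quoted command line, <level>⤵PID:<pid>" form this page uses, rebuilds the parent/child tree from the level numbers, and flags the children that run outside the sandbox. The Proc, build_tree, role, sandbox and notable_flags names are the example's own; the input is a constructed, abbreviated copy of nine entries from the tree above (the --field-trial-handle and --gpu-preferences values are dropped).

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed input for this example: Processes entries in the flattened form the
# report uses (image path, then the quoted command line, then "<level>⤵PID:<pid>").
# Command lines are abbreviated copies of the report's; --field-trial-handle and
# --gpu-preferences are dropped for brevity.
EDGE = r'C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe'
HELPER = r'C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe'
SAMPLE_LINES = [
    rf'{EDGE}"{EDGE}" --single-argument C:\Users\Admin\AppData\Local\Temp\d736ca57c4ee9b02d4749caceddd2e77_JaffaCakes118.html1⤵PID:3264',
    rf'{EDGE}"{EDGE}" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:72⤵PID:5080',
    rf'{EDGE}"{EDGE}" --type=gpu-process --mojo-platform-channel-handle=2116 /prefetch:22⤵PID:1068',
    rf'{EDGE}"{EDGE}" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:32⤵PID:2588',
    rf'{EDGE}"{EDGE}" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:82⤵PID:4084',
    rf'{EDGE}"{EDGE}" --type=renderer --lang=en-US --disable-client-side-phishing-detection --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:12⤵PID:4032',
    rf'{HELPER}"{HELPER}" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:82⤵PID:1880',
    rf'{EDGE}"{EDGE}" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --mojo-platform-channel-handle=1752 /prefetch:22⤵PID:2228',
    r'C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3184',
]

# The image path ends at the first ".exe"; the command line is everything up to the
# single tree-level digit that precedes the ⤵ marker (greedy .+ so "/prefetch:72⤵"
# parses as "/prefetch:7" at level 2, not prefetch 72).
LINE_RE = re.compile(r'^(?P<image>.+?\.exe)(?P<cmd>.+)(?P<level>\d)⤵PID:(?P<pid>\d+)$')

@dataclass
class Proc:
    pid: int
    image: str
    cmdline: str
    level: int
    parent: Optional[int] = None
    children: List[int] = field(default_factory=list)

def parse_line(line: str) -> Proc:
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f'unrecognised process line: {line[:60]}...')
    return Proc(int(m['pid']), m['image'], m['cmd'].strip(), int(m['level']))

def build_tree(lines: List[str]) -> List[Proc]:
    """Rebuild parent/child links from the level numbers: an entry at level N is a
    child of the most recent entry at level N-1."""
    procs: List[Proc] = []
    stack: List[Proc] = []          # most recent entry at each level, index = level-1
    for line in lines:
        p = parse_line(line)
        del stack[p.level - 1:]     # drop everything at this level or deeper
        if stack:
            p.parent = stack[-1].pid
            stack[-1].children.append(p.pid)
        stack.append(p)
        procs.append(p)
    return procs

def role(p: Proc) -> str:
    """Chromium process type from --type, plus the utility sub-type when present."""
    t = re.search(r'--type=(\S+)', p.cmdline)
    if not t:
        return 'browser' if p.image.lower().endswith('msedge.exe') else 'other'
    sub = re.search(r'--utility-sub-type=(\S+)', p.cmdline)
    return t[1] + (f' ({sub[1]})' if sub else '')

def sandbox(p: Proc) -> str:
    """'none', 'sandboxed' or 'n/a' following Chromium's command-line conventions."""
    r = role(p)
    if r in ('browser', 'other', 'crashpad-handler'):
        return 'n/a'                # broker and crash handler are not sandbox targets
    if '--no-sandbox' in p.cmdline or '--disable-gpu-sandbox' in p.cmdline:
        return 'none'
    m = re.search(r'--service-sandbox-type=(\S+)', p.cmdline)
    if m:
        return 'none' if m[1] == 'none' else 'sandboxed'
    return 'sandboxed'              # renderer / gpu-process default

NOTABLE = ('--no-sandbox', '--disable-gpu-sandbox', '--service-sandbox-type=none',
           '--no-v8-untrusted-code-mitigations', '--disable-client-side-phishing-detection')

def notable_flags(p: Proc) -> List[str]:
    """Security-relevant switches present on the command line, in NOTABLE order."""
    return [f for f in NOTABLE if f in p.cmdline]

def unsandboxed(procs: List[Proc]) -> List[int]:
    """PIDs of child processes that run outside the Chromium sandbox."""
    return sorted(p.pid for p in procs if sandbox(p) == 'none')

def print_tree(procs: List[Proc]) -> None:
    for p in procs:
        indent = '  ' * (p.level - 1)
        print(f'{indent}{p.pid} {role(p)} sandbox={sandbox(p)} {" ".join(notable_flags(p))}')

if __name__ == '__main__':
    tree = build_tree(SAMPLE_LINES)
    print_tree(tree)
    print('unsandboxed children:', unsandboxed(tree))
```

On the constructed input the unsandboxed children are 2588 (the network service), 1880 (identity_helper) and 2228 (the GPU process started with --disable-gpu-sandbox); the full tree above adds 4232, the second identity_helper, which carries the same --service-sandbox-type=none. The renderers, which are where HTML and script from the sample actually execute, stay sandboxed but run with --no-v8-untrusted-code-mitigations, so that flag is worth noting in any triage of a page suspected of exploiting the JavaScript engine.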
Network
MITRE ATT&CK Enterprise v15
Downloads
Files written during the run, identified by size and hash only (the report gives no paths or names).

- Filesize: 152B
  MD5: eeaa8087eba2f63f31e599f6a7b46ef4
  SHA1: f639519deee0766a39cfe258d2ac48e3a9d5ac03
  SHA256: 50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9
  SHA512: eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

- Filesize: 152B
  MD5: b9569e123772ae290f9bac07e0d31748
  SHA1: 5806ed9b301d4178a959b26d7b7ccf2c0abc6741
  SHA256: 20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b
  SHA512: cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

- Filesize: 292B
  MD5: 03a9a6ae86c187548140cbc4e6e959ed
  SHA1: 390d346d2c0de29c0b71e94b96f4d11426138beb
  SHA256: 6cc30c2ccd820f8e8d070b0cc3befbe14c1adcc7b58bcd06c09206228388a0e9
  SHA512: 7d38e5af81d3b5e2787a80ba2fcf3fe962cf085bae33433eabdd8cc1389475a83ff0103a9717d2f2321b1e16c19aae09e035f8461b992cfeaac6355dca95ed88

- Filesize: 6KB
  MD5: fd4a9269c842fa6d17fb6cd47afe2a26
  SHA1: e6c5a79c5764fd246ec8d2d400e81b79d7b43568
  SHA256: 1af6f8bc56d03fcf93b60bfdd355d8a22be442764ecd63e1fc84d2ef57e3b0ef
  SHA512: 5b3d5b60de7996d1d1c2eb5d129b882e015fbb0dbc08af578028756d5342ced3a021396dbefd628cda0395e701fe61bf84ad40f8f7ba3583d702604324fca121

- Filesize: 5KB
  MD5: e07406420f0ac013586eb14b28edecac
  SHA1: 80e362616e6467758d8669c3f2715a8c15eeebb4
  SHA256: 66e2f72a9143fb6062a2796f8ac4b0292957efe2db94ba8bd6fcb9ed4ce38cc6
  SHA512: 7b8e3594d175683c04fcb16b0b30a72a3ab71b2d35bc301f8f9febf547ee29acf4a901ec8eafd4204e8f1af27d00c461843364a6bd3f69769499cf4f129df7c2

- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

- Filesize: 10KB
  MD5: 4df7cd66f3e212cc63807987764b4f83
  SHA1: 785706cd5572adf436221044f75bef228754f445
  SHA256: f90ff746ba006d02690f89349ec5a85590430ca6cf28f6f51050ee3bd43db207
  SHA512: 6df45deb136c898b439fa8f7cd1f52ba0ae92ef0193401cbbf1df34ba31a99b4c8eceb65b1b305f0708f7fc4721f448aa1266fe36f129e4673cbf408698a0329