Analysis
max time kernel: 150s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09/09/2024, 00:11
Static task: static1
Behavioral task: behavioral1
  Sample: d558b7b2aecbb03d619b7a6afc481773_JaffaCakes118.html
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: d558b7b2aecbb03d619b7a6afc481773_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General
Target: d558b7b2aecbb03d619b7a6afc481773_JaffaCakes118.html
Size: 24KB
MD5: d558b7b2aecbb03d619b7a6afc481773
SHA1: 48a4e455567bdd37810be0b55b3b605b93b90fbc
SHA256: f2aee43f25b50f9575d9db365350ebe2eb24b1c35f9cbed0f3dec33d4671829f
SHA512: c06c1f2daeb679d0176475a779de84febc356ced0217a67dee1b64fa72fccad1604f811157332feaff00307099d4afff6aff81b00689ef4e041ae4824b2503f6
SSDEEP: 768:SlnniLqBwF/kamNgwGZTj4BTsHlnQTNCh5NO2:XqsMNgwGZTj4FsHlskbNh
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description          ioc                                                                   Process
Key opened           \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
Key value queried    \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
Key value queried    \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid   Process
968   msedge.exe
968   msedge.exe
4076  msedge.exe
4076  msedge.exe
3316  identity_helper.exe
3316  identity_helper.exe
3872  msedge.exe
3872  msedge.exe
3872  msedge.exe
3872  msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid   Process
4076  msedge.exe
4076  msedge.exe
4076  msedge.exe
4076  msedge.exe
4076  msedge.exe
4076  msedge.exe

Suspicious use of FindShellTrayWindow (25 IoCs)
pid   Process
4076  msedge.exe
4076  msedge.exe
4076  msedge.exe
4076  msedge.exe
4076  msedge.exe
4076  msedge.exe
4076  msedge.exe
4076  msedge.exe
4076  msedge.exe
4076  msedge.exe
4076  msedge.exe
4076  msedge.exe
4076  msedge.exe
4076  msedge.exe
4076  msedge.exe
4076  msedge.exe
4076  msedge.exe
4076  msedge.exe
4076  msedge.exe
4076  msedge.exe
4076  msedge.exe
4076  msedge.exe
4076  msedge.exe
4076  msedge.exe
4076  msedge.exe

Suspicious use of SendNotifyMessage (24 IoCs)
pid   Process
4076  msedge.exe
4076  msedge.exe
4076  msedge.exe
4076  msedge.exe
4076  msedge.exe
4076  msedge.exe
4076  msedge.exe
4076  msedge.exe
4076  msedge.exe
4076  msedge.exe
4076  msedge.exe
4076  msedge.exe
4076  msedge.exe
4076  msedge.exe
4076  msedge.exe
4076  msedge.exe
4076  msedge.exe
4076  msedge.exe
4076  msedge.exe
4076  msedge.exe
4076  msedge.exe
4076  msedge.exe
4076  msedge.exe
4076  msedge.exe

Suspicious use of WriteProcessMemory (64 IoCs)
description                       pid   Process     procid_target
PID 4076 wrote to memory of 1308  4076  msedge.exe  83
PID 4076 wrote to memory of 1308  4076  msedge.exe  83
PID 4076 wrote to memory of 1128  4076  msedge.exe  84
PID 4076 wrote to memory of 1128  4076  msedge.exe  84
PID 4076 wrote to memory of 1128  4076  msedge.exe  84
PID 4076 wrote to memory of 1128  4076  msedge.exe  84
PID 4076 wrote to memory of 1128  4076  msedge.exe  84
PID 4076 wrote to memory of 1128  4076  msedge.exe  84
PID 4076 wrote to memory of 1128  4076  msedge.exe  84
PID 4076 wrote to memory of 1128  4076  msedge.exe  84
PID 4076 wrote to memory of 1128  4076  msedge.exe  84
PID 4076 wrote to memory of 1128  4076  msedge.exe  84
PID 4076 wrote to memory of 1128  4076  msedge.exe  84
PID 4076 wrote to memory of 1128  4076  msedge.exe  84
PID 4076 wrote to memory of 1128  4076  msedge.exe  84
PID 4076 wrote to memory of 1128  4076  msedge.exe  84
PID 4076 wrote to memory of 1128  4076  msedge.exe  84
PID 4076 wrote to memory of 1128  4076  msedge.exe  84
PID 4076 wrote to memory of 1128  4076  msedge.exe  84
PID 4076 wrote to memory of 1128  4076  msedge.exe  84
PID 4076 wrote to memory of 1128  4076  msedge.exe  84
PID 4076 wrote to memory of 1128  4076  msedge.exe  84
PID 4076 wrote to memory of 1128  4076  msedge.exe  84
PID 4076 wrote to memory of 1128  4076  msedge.exe  84
PID 4076 wrote to memory of 1128  4076  msedge.exe  84
PID 4076 wrote to memory of 1128  4076  msedge.exe  84
PID 4076 wrote to memory of 1128  4076  msedge.exe  84
PID 4076 wrote to memory of 1128  4076  msedge.exe  84
PID 4076 wrote to memory of 1128  4076  msedge.exe  84
PID 4076 wrote to memory of 1128  4076  msedge.exe  84
PID 4076 wrote to memory of 1128  4076  msedge.exe  84
PID 4076 wrote to memory of 1128  4076  msedge.exe  84
PID 4076 wrote to memory of 1128  4076  msedge.exe  84
PID 4076 wrote to memory of 1128  4076  msedge.exe  84
PID 4076 wrote to memory of 1128  4076  msedge.exe  84
PID 4076 wrote to memory of 1128  4076  msedge.exe  84
PID 4076 wrote to memory of 1128  4076  msedge.exe  84
PID 4076 wrote to memory of 1128  4076  msedge.exe  84
PID 4076 wrote to memory of 1128  4076  msedge.exe  84
PID 4076 wrote to memory of 1128  4076  msedge.exe  84
PID 4076 wrote to memory of 1128  4076  msedge.exe  84
PID 4076 wrote to memory of 1128  4076  msedge.exe  84
PID 4076 wrote to memory of 968   4076  msedge.exe  85
PID 4076 wrote to memory of 968   4076  msedge.exe  85
PID 4076 wrote to memory of 3548  4076  msedge.exe  86
PID 4076 wrote to memory of 3548  4076  msedge.exe  86
PID 4076 wrote to memory of 3548  4076  msedge.exe  86
PID 4076 wrote to memory of 3548  4076  msedge.exe  86
PID 4076 wrote to memory of 3548  4076  msedge.exe  86
PID 4076 wrote to memory of 3548  4076  msedge.exe  86
PID 4076 wrote to memory of 3548  4076  msedge.exe  86
PID 4076 wrote to memory of 3548  4076  msedge.exe  86
PID 4076 wrote to memory of 3548  4076  msedge.exe  86
PID 4076 wrote to memory of 3548  4076  msedge.exe  86
PID 4076 wrote to memory of 3548  4076  msedge.exe  86
PID 4076 wrote to memory of 3548  4076  msedge.exe  86
PID 4076 wrote to memory of 3548  4076  msedge.exe  86
PID 4076 wrote to memory of 3548  4076  msedge.exe  86
PID 4076 wrote to memory of 3548  4076  msedge.exe  86
PID 4076 wrote to memory of 3548  4076  msedge.exe  86
PID 4076 wrote to memory of 3548  4076  msedge.exe  86
PID 4076 wrote to memory of 3548  4076  msedge.exe  86
PID 4076 wrote to memory of 3548  4076  msedge.exe  86
PID 4076 wrote to memory of 3548  4076  msedge.exe  86
Processes
Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d558b7b2aecbb03d619b7a6afc481773_JaffaCakes118.html
Depth: 1
PID: 4076
Signatures:
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

  Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9df2f46f8,0x7ff9df2f4708,0x7ff9df2f4718
  Depth: 2
  PID: 1308

  Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,7623281681489621801,1276959805629042792,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  Depth: 2
  PID: 1128

  Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,7623281681489621801,1276959805629042792,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  Depth: 2
  PID: 968
  Signatures:
  - Suspicious behavior: EnumeratesProcesses

  Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,7623281681489621801,1276959805629042792,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  Depth: 2
  PID: 3548

  Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7623281681489621801,1276959805629042792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  Depth: 2
  PID: 3384

  Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7623281681489621801,1276959805629042792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  Depth: 2
  PID: 2412

  Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7623281681489621801,1276959805629042792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  Depth: 2
  PID: 2936

  Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7623281681489621801,1276959805629042792,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  Depth: 2
  PID: 3500

  Process: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,7623281681489621801,1276959805629042792,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 /prefetch:8
  Depth: 2
  PID: 3492

  Process: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,7623281681489621801,1276959805629042792,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 /prefetch:8
  Depth: 2
  PID: 3316
  Signatures:
  - Suspicious behavior: EnumeratesProcesses

  Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7623281681489621801,1276959805629042792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
  Depth: 2
  PID: 3824

  Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7623281681489621801,1276959805629042792,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  Depth: 2
  PID: 2072

  Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,7623281681489621801,1276959805629042792,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2628 /prefetch:2
  Depth: 2
  PID: 3872
  Signatures:
  - Suspicious behavior: EnumeratesProcesses

Process: C:\Windows\System32\CompPkgSrv.exe
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Depth: 1
PID: 2416

Process: C:\Windows\System32\CompPkgSrv.exe
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Depth: 1
PID: 3064
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 152B
MD5: 111c361619c017b5d09a13a56938bd54
SHA1: e02b363a8ceb95751623f25025a9299a2c931e07
SHA256: d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc
SHA512: fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Filesize: 152B
MD5: 983cbc1f706a155d63496ebc4d66515e
SHA1: 223d0071718b80cad9239e58c5e8e64df6e2a2fe
SHA256: cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c
SHA512: d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Filesize: 33KB
MD5: e2ec36d427fa4a992d76c0ee5e8dfd4d
SHA1: 47ec4ace4851c6c3a4fe23ad2c842885f6d973f2
SHA256: 36488e81afcbc4d7018b8764c18032b10be21aa45521c9671fde0cc77f70b2d8
SHA512: d1ae29d19f65ce74b9b480c82b87315634ec2e96d199f5feb423918af9ad6e24c8b436e03904d452f71562f04c42acbb250256eed73bcd592a79c08911c74976

Filesize: 189B
MD5: 443319881835b14fda88caab9945e84c
SHA1: adb420bd20774e8eabc4d3d53ecfccb20ae7cb54
SHA256: fd79d0831e92ccbffc20eed3a0d07b39a121b4f3be4f720d2981fdd2e7b5b8da
SHA512: 39c2c7fd638c04ce244473831d3dc8175e8e9ecb9a0df38370300233202d7d7fa9166912b8d97b34efd7b90eab6da376191e1c5c9ce253e96c9686b886ab29fb

Filesize: 5KB
MD5: 576e16a248b6be0d94f223b987fefad1
SHA1: 63bc782920fc982f647adeb137daefa1ec084aed
SHA256: d9b708855187976d6eb14486c08e91764c6cdb303f2e33e25b801d9abfc960d4
SHA512: cd9960df1fd965b347fb9de0c8bdfc2d3a58004e297023337f7f58d3e9b0cffa98033fa6a6603f34277b6268c30b3e1ab9d5cc1ff4f6687117d6b2585de09cd8

Filesize: 6KB
MD5: c3e0d211079d9621aa072ff1558ceb51
SHA1: 0d96a25e53f2905123e671bc73e60b533e7a274f
SHA256: dae49b8b49792c9a0fe00744dec7959f7d0fc157d144caddd9df86178183eee1
SHA512: e6046d92a075d99e1e9bacd18fe2ff9ea948ac1c69470fe18451e5714727fb87b4cfc1f248d15a20e9dc9f2421ce100f32036c2d889616dd4b83b032548dc609

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 10KB
MD5: 6e22140bcb54656c62cbaf1dd9527402
SHA1: f226192486bde67be08c180711b1b44fa72abdfd
SHA256: f4f183136c0fa6418c925d2ea1414f99c1360ddfde4f1a1354f279e28bcb0049
SHA512: 38e33180ca4269087eb3ffeae94cdb98f9c01093b4954c77cc5b0f078337589e53ead49b9eb1b4f4a7f3835ec570c2774b8786d529b5110970bcff80ce47435f