Analysis
- max time kernel: 145s
- max time network: 138s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 11/09/2024, 05:32
Static task: static1
Behavioral task: behavioral1
- Sample: d9b4c14c76f9c32d81e341d5844a24bd_JaffaCakes118.html
- Resource: win7-20240708-en
Behavioral task: behavioral2
- Sample: d9b4c14c76f9c32d81e341d5844a24bd_JaffaCakes118.html
- Resource: win10v2004-20240802-en
General
- Target: d9b4c14c76f9c32d81e341d5844a24bd_JaffaCakes118.html
- Size: 12KB
- MD5: d9b4c14c76f9c32d81e341d5844a24bd
- SHA1: c909fcaa0d2e9dfc838e92a0a903acf4bc03aedd
- SHA256: b7d2046dad1d55358adec25f79e4d8379715c1d6d8627e6ea841c8fdbbd51398
- SHA512: c50ee98c2185c9d8d8ebbcecebfabb02e09aa6df01c3f4a71cd408a8e5c4bebf9b534f3898a3f47b2d2075b47b9a4f4e8f17401be72d4dba001111b09f04fe10
- SSDEEP: 192:NOtDBt5mtbteZ7pe1vQ5Q3vR0spBSu1sOA8BJhr0tP0Fp1b9sNzPp:NSxLZ7pG45WicSu1sOA8BJhm0Fp5wzR
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
Suspicious behavior: EnumeratesProcesses (10 IoCs)
- pid / Process: 5076 msedge.exe, 5076 msedge.exe, 1012 msedge.exe, 1012 msedge.exe, 1484 identity_helper.exe, 1484 identity_helper.exe, 4172 msedge.exe, 4172 msedge.exe, 4172 msedge.exe, 4172 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
- pid / Process: 1012 msedge.exe, 1012 msedge.exe, 1012 msedge.exe, 1012 msedge.exe, 1012 msedge.exe, 1012 msedge.exe, 1012 msedge.exe
Suspicious use of FindShellTrayWindow (25 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes
- PID 1012: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d9b4c14c76f9c32d81e341d5844a24bd_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - PID 4668: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffccaf746f8,0x7ffccaf74708,0x7ffccaf74718
  - PID 2220: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,17210167881704541993,11915682633047633849,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  - PID 5076: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,17210167881704541993,11915682633047633849,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 3664: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,17210167881704541993,11915682633047633849,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  - PID 3712: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,17210167881704541993,11915682633047633849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  - PID 3156: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,17210167881704541993,11915682633047633849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  - PID 4536: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,17210167881704541993,11915682633047633849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4236 /prefetch:1
  - PID 1820: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,17210167881704541993,11915682633047633849,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8
  - PID 1484: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,17210167881704541993,11915682633047633849,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 3400: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,17210167881704541993,11915682633047633849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  - PID 2160: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,17210167881704541993,11915682633047633849,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  - PID 2760: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,17210167881704541993,11915682633047633849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
  - PID 4396: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,17210167881704541993,11915682633047633849,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  - PID 4172: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,17210167881704541993,11915682633047633849,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4884 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- PID 4088: C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID 4056: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads