Analysis
- max time kernel: 149s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 11/09/2024, 16:07
Static task: static1
Behavioral task: behavioral1
- Sample: dab986c84edf7f547fc8675b66471614_JaffaCakes118.html
- Resource: win7-20240704-en
Behavioral task: behavioral2
- Sample: dab986c84edf7f547fc8675b66471614_JaffaCakes118.html
- Resource: win10v2004-20240802-en
General
- Target: dab986c84edf7f547fc8675b66471614_JaffaCakes118.html
- Size: 24KB
- MD5: dab986c84edf7f547fc8675b66471614
- SHA1: 15be364d5fbb0377f6dcd39c339ad314013ce3e3
- SHA256: 4409e41c3c8215794a8d4383c5c2a291125c8ad6b82398a31386ac90bdfc58e1
- SHA512: 9cc6ca4335256eb70d804bb8e63b6abcf8eb568e1cffc1671b2e9c0fc67a22d1152bdffbab1af44130bbf7fc2267d667269677017154603c29999cb34c205b24
- SSDEEP: 384:OfEuzvVY9TBMnBM9BMVBMGBMLbfEF0OVDKBKoKeK/KNPdSG5UxKtaiKOF:mEuztMCnC9CVCGCLbCVqb5uU
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  - PID 3068 msedge.exe
  - PID 3068 msedge.exe
  - PID 2796 msedge.exe
  - PID 2796 msedge.exe
  - PID 548 identity_helper.exe
  - PID 548 identity_helper.exe
  - PID 512 msedge.exe
  - PID 512 msedge.exe
  - PID 512 msedge.exe
  - PID 512 msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  - PID 2796 msedge.exe
  - PID 2796 msedge.exe
  - PID 2796 msedge.exe
  - PID 2796 msedge.exe
  - PID 2796 msedge.exe
  - PID 2796 msedge.exe
- Suspicious use of FindShellTrayWindow (25 IoCs)
- Suspicious use of SendNotifyMessage (24 IoCs)
- Suspicious use of WriteProcessMemory (64 IoCs)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\dab986c84edf7f547fc8675b66471614_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2796
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffabc4646f8,0x7ffabc464708,0x7ffabc464718
    PID:672
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,11785823363050606056,14106503708892777462,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
    PID:4536
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,11785823363050606056,14106503708892777462,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
    PID:3068
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,11785823363050606056,14106503708892777462,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
    PID:1620
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11785823363050606056,14106503708892777462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
    PID:2632
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11785823363050606056,14106503708892777462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
    PID:3228
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,11785823363050606056,14106503708892777462,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4656 /prefetch:8
    PID:452
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,11785823363050606056,14106503708892777462,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4656 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
    PID:548
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11785823363050606056,14106503708892777462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
    PID:1588
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11785823363050606056,14106503708892777462,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
    PID:5084
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11785823363050606056,14106503708892777462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
    PID:2964
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11785823363050606056,14106503708892777462,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
    PID:3360
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,11785823363050606056,14106503708892777462,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4792 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
    PID:512
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID:4212
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID:3084
Network
MITRE ATT&CK Enterprise v15
Downloads