Analysis
- max time kernel: 145s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 11/09/2024, 16:07

Static task
- static1

Behavioral task
- behavioral1
  Sample: dab96dc82dd5b088df1cad79063a577e_JaffaCakes118.html
  Resource: win7-20240903-en

Behavioral task
- behavioral2
  Sample: dab96dc82dd5b088df1cad79063a577e_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General
- Target: dab96dc82dd5b088df1cad79063a577e_JaffaCakes118.html
- Size: 36KB
- MD5: dab96dc82dd5b088df1cad79063a577e
- SHA1: 1815d81e7719d96720a854e4aabb30013f0eaea5
- SHA256: 0ddcccc45136334e2167df670d88b9ecc835c9179827fb15b54bc8d574827d93
- SHA512: 1183b067c23092559871244d78a72be253f793deeb8dada8298c9e4009a84dd3aa20b8189864cd8d2435717665ce9617c50dbcc34ee112cfa48966a1936d1b7c
- SSDEEP: 768:zwx/MDTHP388hARJZPXcE1XnXrFLxNLlDNoPqkPTHlnkM3Gr6TtZO46lrl6lLRcC:Q/fbJxNVuu0Sx/c8tK
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
    description        ioc                                                                     Process
    Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      msedge.exe
    Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
    Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
    pid   Process
    4184  msedge.exe (2 entries)
    2328  msedge.exe (2 entries)
    3840  identity_helper.exe (2 entries)
    892   msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
    pid   Process
    2328  msedge.exe (6 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
    pid   Process
    2328  msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
    pid   Process
    2328  msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
    description                       pid   Process     procid_target
    PID 2328 wrote to memory of 3676  2328  msedge.exe  83  (2 entries)
    PID 2328 wrote to memory of 2044  2328  msedge.exe  85  (repeated entries)
    PID 2328 wrote to memory of 4184  2328  msedge.exe  86  (2 entries)
    PID 2328 wrote to memory of 1680  2328  msedge.exe  87  (repeated entries)
    Identical rows are collapsed above; the report lists 64 rows in total, one per write, in the order shown.
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2328)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\dab96dc82dd5b088df1cad79063a577e_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3676)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd171146f8,0x7ffd17114708,0x7ffd17114718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2044)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,3777610592219010384,16214542474415651793,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4184)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,3777610592219010384,16214542474415651793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1680)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,3777610592219010384,16214542474415651793,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4888)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3777610592219010384,16214542474415651793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1760)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3777610592219010384,16214542474415651793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2084)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,3777610592219010384,16214542474415651793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3840)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,3777610592219010384,16214542474415651793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1728)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3777610592219010384,16214542474415651793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2940)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3777610592219010384,16214542474415651793,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4348)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3777610592219010384,16214542474415651793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4592)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3777610592219010384,16214542474415651793,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 892)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,3777610592219010384,16214542474415651793,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4884 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 3152)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 4556)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: f9664c896e19205022c094d725f820b6
  SHA1: f8f1baf648df755ba64b412d512446baf88c0184
  SHA256: 7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e
  SHA512: 3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae
- Filesize: 152B
  MD5: 847d47008dbea51cb1732d54861ba9c9
  SHA1: f2099242027dccb88d6f05760b57f7c89d926c0d
  SHA256: 10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1
  SHA512: bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f
- Filesize: 613B
  MD5: 33d7e16606636307b26a02b91db316b5
  SHA1: a22c2666a1da662eb7c1f5b22a3143403752db37
  SHA256: f67212da1e82d923067f2143e54de9736e87844e166e889fdd83e5679da325bc
  SHA512: 04b0daf21ada1908911de56802b73b593588e37fe107546f845afce1d8bf79d85674f86c03a9317d0674712c290cce4755c72ba95951a407faae5e748694ad1b
- Filesize: 5KB
  MD5: 05442ba1cd5d787dfe73f8425f82811b
  SHA1: eae420fcfbabc804059f5cc0477324bddfd20890
  SHA256: 90208c231befe621dc69ed8d66d5b85701e858b03d502c64c19b8be4e0da2f39
  SHA512: 3a9d2544e155ced5f5d18cfc914194aec8bb8a65a162526c970e7c3cd5c66ffd5169f2e672994f36509770fed25de43eda14a7974dc4a772c0388795d5546c68
- Filesize: 6KB
  MD5: 8e81d260f75a95ded7424aa48f6d3893
  SHA1: 99afa3ee908d0c5f2ac010d04a910d6341fe8477
  SHA256: 9f2f98f20f9af2fab5e7e15773443dd3acc9664ec60d91231cbb249bbd42cfab
  SHA512: 6b9ce62cb463f679f93ce853197fe0f94911e228c751b275af82642490c03b40772f74532cec343e98b5d43f1f56864df8ca0136605b1505033b4a1106ec311d
- Filesize: 6KB
  MD5: 883c9d08e56f9a2bba1bc4632d6f3ea2
  SHA1: 8a26dbf6350d3392bfda0ba64781682b4bab88c5
  SHA256: 4bbb3a628470120fbe54d8b59ba5c79e5e5c591c4eb080dd59504822552b53a5
  SHA512: 9f91e56c1cd2619ca559aca4f1c34811bb508be15979e545ee1dcb58945fe8c81ebdb5dbc608786618bd922bd6063349bed76f355d4ec0ae2b589a050134edbd
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 10KB
  MD5: 7aa1d970b48a10fc61f2388c946742f5
  SHA1: 39c4508d2db63ef4e074ff3ba9b2330396892224
  SHA256: 278d3779097df005de52834a02ae4ec3655f7051967bcee397b62ae6ffcb0b32
  SHA512: 275e8d6a515031b659f609a12d832c151e6418c9346d4457b87d2a1e7c29d857461876d5210112ce3b4dafa8f47cc9abe23574ffc58c4264b9ca27737a9da76c