Analysis
max time kernel: 145s
max time network: 137s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12/09/2024, 05:44
Static task: static1
Behavioral task: behavioral1
  Sample: dbead4669794fa7221e04efd712402b9_JaffaCakes118.html
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: dbead4669794fa7221e04efd712402b9_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General
Target: dbead4669794fa7221e04efd712402b9_JaffaCakes118.html
Size: 461KB
MD5: dbead4669794fa7221e04efd712402b9
SHA1: d15a554a5fd172251f9fe56cabe65019938f91a7
SHA256: 389f3aed7976b6e999d2865395f4c3500d24e7336289ad35533a65fe66f04fad
SHA512: cd222303c4ce30ac51222cd2b950ccab99e482368c0f414a376fd2d027541af16917033d4d23bc062390ada6d548503117948f1ae14731c51b3ed9aa33498d69
SSDEEP: 6144:SAsMYod+X3oI+YscssMYod+X3oI+YcnsMYod+X3oI+YLsMYod+X3oI+YQ:75d+X3U5d+X3Y5d+X315d+X3+
Malware Config
Signatures
Every signature below fires on msedge.exe (the browser the sandbox launched to render the .html sample, PID 2816, or one of its child processes) or on the identity_helper.exe that msedge.exe spawned; every WriteProcessMemory target is a child of PID 2816 listed under Processes.

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  3928  msedge.exe (2 IoCs)
  2816  msedge.exe (2 IoCs)
  5020  identity_helper.exe (2 IoCs)
  4580  msedge.exe (4 IoCs)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process
  2816  msedge.exe (all 6 IoCs)

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  2816  msedge.exe (all 25 IoCs)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  2816  msedge.exe (all 24 IoCs)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target
  PID 2816 wrote to memory of 1908  2816  msedge.exe  83
  PID 2816 wrote to memory of 1252  2816  msedge.exe  84
  PID 2816 wrote to memory of 3928  2816  msedge.exe  85
  PID 2816 wrote to memory of 1284  2816  msedge.exe  86
  (the 64 rows are repeats of these four writer/target pairs; identical rows are collapsed here)
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2816)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\dbead4669794fa7221e04efd712402b9_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  └ msedge.exe (PID 1908), crashpad-handler
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffe9f0846f8,0x7ffe9f084708,0x7ffe9f084718

  └ msedge.exe (PID 1252), gpu-process
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1988,8813754586177897636,8554604131947846290,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2020 /prefetch:2

  └ msedge.exe (PID 3928), utility: network.mojom.NetworkService
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1988,8813754586177897636,8554604131947846290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses

  └ msedge.exe (PID 1284), utility: storage.mojom.StorageService
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1988,8813754586177897636,8554604131947846290,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8

  └ msedge.exe (PID 4124), renderer
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8813754586177897636,8554604131947846290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1

  └ msedge.exe (PID 3200), renderer
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8813754586177897636,8554604131947846290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

  └ identity_helper.exe (PID 2572), utility: winrt_app_id.mojom.WinrtAppIdService
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,8813754586177897636,8554604131947846290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 /prefetch:8

  └ identity_helper.exe (PID 5020), utility: winrt_app_id.mojom.WinrtAppIdService
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,8813754586177897636,8554604131947846290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses

  └ msedge.exe (PID 4600), renderer
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8813754586177897636,8554604131947846290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1

  └ msedge.exe (PID 528), renderer (instant process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8813754586177897636,8554604131947846290,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1

  └ msedge.exe (PID 4160), renderer
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8813754586177897636,8554604131947846290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1

  └ msedge.exe (PID 4008), renderer (instant process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,8813754586177897636,8554604131947846290,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1

  └ msedge.exe (PID 4580), gpu-process (GPU sandbox disabled, GL disabled)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1988,8813754586177897636,8554604131947846290,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5304 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe (PID 1544)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 3704)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
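The WriteProcessMemory signature above is the one most likely to be misread during triage: its four targets (PIDs 1908, 1252, 3928 and 1284) all appear in the process tree as children of PID 2816, running the same msedge.exe image with a --type= role flag, which is what a multi-process browser looks like when it starts its own helpers. The check below is an added example written for this page, not tria.ge's code or Edge's: it takes a process list and a list of writer/target PID pairs and separates parent-to-own-child writes from writes into unrelated processes. The process list is constructed from the tree above; parent PIDs are an assumption (the tree shows depth, not PPID, but every depth-2 entry sits under the depth-1 browser process), command lines are shortened to the flags the check needs, the event list keeps only a few of the report's repeated rows, and the CompPkgSrv.exe write is a constructed negative case that is not in the report.

```python
"""Classify sandbox WriteProcessMemory events against the process tree.

Editor's own triage helper (not tria.ge code). The idea: a parent writing
into a child it just spawned, where the child runs the same image with a
Chromium --type= role, is the browser's normal process model; a write into
a process that is not the writer's child is the case worth a human look.
"""
import re
from collections import Counter, namedtuple

Proc = namedtuple("Proc", "pid ppid image cmdline")

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
IDHELPER = r"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"
COMPPKG = r"C:\Windows\System32\CompPkgSrv.exe"

# Constructed from the report's process tree. PPIDs are an assumption
# inferred from tree depth; None marks a top-level process with no parent shown.
PROCESSES = [
    Proc(2816, None, EDGE, f'"{EDGE}" --single-argument '
         r"C:\Users\Admin\AppData\Local\Temp\dbead4669794fa7221e04efd712402b9_JaffaCakes118.html"),
    Proc(1908, 2816, EDGE, f'"{EDGE}" --type=crashpad-handler /prefetch:7'),
    Proc(1252, 2816, EDGE, f'"{EDGE}" --type=gpu-process /prefetch:2'),
    Proc(3928, 2816, EDGE, f'"{EDGE}" --type=utility '
         "--utility-sub-type=network.mojom.NetworkService /prefetch:3"),
    Proc(1284, 2816, EDGE, f'"{EDGE}" --type=utility '
         "--utility-sub-type=storage.mojom.StorageService /prefetch:8"),
    Proc(5020, 2816, IDHELPER, f'"{IDHELPER}" --type=utility '
         "--utility-sub-type=winrt_app_id.mojom.WinrtAppIdService /prefetch:8"),
    Proc(1544, None, COMPPKG, f"{COMPPKG} -Embedding"),
]

# (writer_pid, target_pid) pairs as the report's rows list them; the report
# repeats each pair many times, only a few repeats are kept here.
REPORT_EVENTS = ([(2816, 1908)] * 2 + [(2816, 1252)] * 3
                 + [(2816, 3928)] * 2 + [(2816, 1284)] * 3)

# Constructed negative case, NOT in the report: a write into CompPkgSrv.exe,
# which is not a child of the browser process.
INJECTION_EVENT = (2816, 1544)

TYPE_FLAG = re.compile(r"--type=([\w-]+)")


def chromium_role(cmdline):
    """Return the Chromium child role from --type=<role>, or None if absent."""
    match = TYPE_FLAG.search(cmdline)
    return match.group(1) if match else None


def index(processes):
    """Map pid -> Proc for quick lookup."""
    return {p.pid: p for p in processes}


def classify_write(writer_pid, target_pid, by_pid):
    """Label one WriteProcessMemory event.

    chromium-child-init    writer is the target's parent, both run the same
                           image and the target carries a --type= role:
                           the browser setting up one of its helpers.
    child-different-image  writer is the parent but the child is another
                           binary (a legitimate helper like identity_helper.exe
                           lands here too, so review rather than alert).
    cross-process          target is not a child of the writer: injection
                           candidate.
    unknown-target         a PID is missing from the process list.
    """
    writer, target = by_pid.get(writer_pid), by_pid.get(target_pid)
    if writer is None or target is None:
        return "unknown-target"
    if target.ppid != writer_pid:
        return "cross-process"
    same_image = target.image.lower() == writer.image.lower()
    if same_image and chromium_role(target.cmdline):
        return "chromium-child-init"
    return "child-different-image"


def summarize(processes, events):
    """Count events per label; a clean Chromium run has only one label."""
    by_pid = index(processes)
    return dict(Counter(classify_write(w, t, by_pid) for w, t in events))


def suspicious(processes, events):
    """Return (writer, target, label) for every event that is not a
    parent initialising its own same-image Chromium child."""
    by_pid = index(processes)
    out = []
    for writer, target in events:
        label = classify_write(writer, target, by_pid)
        if label != "chromium-child-init":
            out.append((writer, target, label))
    return out


if __name__ == "__main__":
    print(summarize(PROCESSES, REPORT_EVENTS))
    print(suspicious(PROCESSES, REPORT_EVENTS + [INJECTION_EVENT]))
```

Run against the report's own pairs the summary contains a single label, chromium-child-init; only the constructed CompPkgSrv.exe write comes back from suspicious(). The same-image rule is deliberately strict: a parent writing into a child that runs a different binary is not proof of injection, but it is the case a reviewer should open rather than auto-dismiss.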
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 152B
  MD5: 9b008261dda31857d68792b46af6dd6d
  SHA1: e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3
  SHA256: 9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da
  SHA512: 78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

Filesize: 152B
  MD5: 0446fcdd21b016db1f468971fb82a488
  SHA1: 726b91562bb75f80981f381e3c69d7d832c87c9d
  SHA256: 62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222
  SHA512: 1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

Filesize: 5KB
  MD5: 02c980b0b0d95aa1a02efa86273d0e98
  SHA1: 12ce333bdbb9fffc2321107bcb26a93f03f8b2e9
  SHA256: 03255073a59c181f24e80cf04cc75c7ca4b27a38bce0c2ddc1755b35f8573aa0
  SHA512: 0126afc3ded32dee8a055c410bddd830294c42ffff7313a801d9563a0782412721fe15ea24d3999a4fd7f50a676d8c5667ae67eaf23376d510d9ad0035dff8d0

Filesize: 6KB
  MD5: f3ba7e58f30aea4cca830ba86b0642e9
  SHA1: 7f25b9ecc6f706ea41bf9e9a6444be0c5296452b
  SHA256: 62f5227c7e9c4ebe7553b7aef3c2e5f8fbef3ebea9715c6ae6b8c853ef1f0a3c
  SHA512: a3d8ea68ffdcc35ca6ee02b31ea87008433333c82f3081ed10bf2076d277fb7e8a7b8cc0ae4cd5ff0fb3ecf91dff8ce5cb2f2d1dfe0e643a9135c6bb8ec9f619

Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 10KB
  MD5: c82ce88f573e1c8c7d3bd7a0a8714ba4
  SHA1: 18b932c5b9967ea6da4f84bbea32d63fbe20da71
  SHA256: 4c4624296685467a242df8f3314ef5d5f1b20c23045b12a59afe28db653df992
  SHA512: f07801bae8faf2cfcbe76c64257eaeb041b324beb0b2819c29664630a165b1a999abffc2f8839847e16a39cf47f4b9cd4ca6daa61b35f38a25dfdf558a9773c1