Analysis
- max time kernel: 145s
- max time network: 139s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 12/09/2024, 12:40
Static task
- static1
Behavioral task
- behavioral1
  Sample: dc4de27f2aa5501e7acaa69a10225c33_JaffaCakes118.html
  Resource: win7-20240903-en
Behavioral task
- behavioral2
  Sample: dc4de27f2aa5501e7acaa69a10225c33_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General
- Target: dc4de27f2aa5501e7acaa69a10225c33_JaffaCakes118.html
- Size: 36KB
- MD5: dc4de27f2aa5501e7acaa69a10225c33
- SHA1: 582e2c69cfff06e49363fb28d5afb19461380433
- SHA256: b0147c61009f396e61b0e9907813b1d3a33552392d553ed2157b91ba4a9ce0bd
- SHA512: aa17d4c450b8c34dc6f90407740d744ee42abd18fe4facb2b500b36aca4b7eed284d4146c60020a0d01e7b032c0ee9b95be849b9c06f9d771b64a0edfb6f7ad0
- SSDEEP: 768:zwx/MDTHyU88hARSZPXtE1XnXrFLxNLlDNoPqkPTHlnkM3Gr6TtZO46lrl6lLRcZ:Q/HbJxNVuu0Sx/c8CK
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                     Process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid    Process
  1224   msedge.exe (2 entries)
  3524   msedge.exe (2 entries)
  4044   identity_helper.exe (2 entries)
  2848   msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid    Process
  3524   msedge.exe (6 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid    Process
  3524   msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid    Process
  3524   msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs; duplicate rows collapsed, one entry per write in the original listing)
  description                        pid    Process      procid_target
  PID 3524 wrote to memory of 2400   3524   msedge.exe   82
  PID 3524 wrote to memory of 3480   3524   msedge.exe   83
  PID 3524 wrote to memory of 1224   3524   msedge.exe   84
  PID 3524 wrote to memory of 1844   3524   msedge.exe   85
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\dc4de27f2aa5501e7acaa69a10225c33_JaffaCakes118.html
  PID: 3524
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc136f46f8,0x7ffc136f4708,0x7ffc136f4718
    PID: 2400
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,11600703888799124015,14106156812770604073,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
    PID: 3480
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,11600703888799124015,14106156812770604073,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
    PID: 1224
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,11600703888799124015,14106156812770604073,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
    PID: 1844
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,11600703888799124015,14106156812770604073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
    PID: 1944
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,11600703888799124015,14106156812770604073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
    PID: 3144
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,11600703888799124015,14106156812770604073,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
    PID: 3052
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,11600703888799124015,14106156812770604073,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
    PID: 4044
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,11600703888799124015,14106156812770604073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
    PID: 3548
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,11600703888799124015,14106156812770604073,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
    PID: 5028
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,11600703888799124015,14106156812770604073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
    PID: 2284
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,11600703888799124015,14106156812770604073,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
    PID: 4352
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,11600703888799124015,14106156812770604073,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5168 /prefetch:2
    PID: 2848
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4844
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2192
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: f9664c896e19205022c094d725f820b6
  SHA1: f8f1baf648df755ba64b412d512446baf88c0184
  SHA256: 7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e
  SHA512: 3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae
- Filesize: 152B
  MD5: 847d47008dbea51cb1732d54861ba9c9
  SHA1: f2099242027dccb88d6f05760b57f7c89d926c0d
  SHA256: 10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1
  SHA512: bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f
- Filesize: 613B
  MD5: 5f60f5011aae367979e7f24380f46d2b
  SHA1: 0ac2995c1d31ae41276d82244eaf419ca7e676de
  SHA256: 4e0ec14051278db3106ceed4b5b09cf607ed8d7e54b0f0ba0ee3e8d77af5006b
  SHA512: 6b2d0fb33de0c8808068f3986cfe8016e96ee3372bfd99218d008adc6c3e12b8408d06e6cb261da0d792621118372ae317255de3024e1e5eb4fb7fe099031faa
- Filesize: 5KB
  MD5: b479c95663a3a6810a935a0d1b358e63
  SHA1: 07626feee39ffcffeeb7c3355e85fc98836369f9
  SHA256: a5d96a243ab0a133bf1b34b40aaa907968847c8f72f7fa67ab1dcb82ec590761
  SHA512: bf42885f09296198525625311b04d0af493815ba05f88aa611169f702baa04dae83ec33aa1899c85dacf9f79b05c1bf9406c9fe5f640b5eb89dfb1c172919633
- Filesize: 6KB
  MD5: e09599de736f00945bd821bc4ef76453
  SHA1: 82758aa294155c20a207f782479ca21a0bd3e1c1
  SHA256: a39cb6bbf7c8f045d1781ef243b9e0c0314dc508e4a04243a836642d3399169b
  SHA512: 59a124cd2bde3a394c23e7dc07f1dc47d08cfbf7b4893f430d797badec9d29cb8c0af5aa6386d8104358691f03e74b1a1f5457f629b3b13526863070f3dfdfe1
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 10KB
  MD5: ba985d92eaa56fe00d8066ee653513d4
  SHA1: a829e620ceaeca9e8b6bef8b5366fb064eb2dc2e
  SHA256: 09202e7d70829e904eb520ef80d714258d98cd6716b83d2e517c16f00f76f5bb
  SHA512: 74e89ecd46d1885b0b64355968b3f9fceeedda28bec40fe8373ff178e64da3e195128d7e6cf8588c7d0d3a6e0aef34d0f604b7b5edfe44b7bf66dcb65f7e632d