Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 145s
max time network: 141s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13/09/2024, 23:53

Static task: static1

Behavioral task: behavioral1
  Sample: df1f792b6d13993bbef3ae12a58c3f59_JaffaCakes118.html
  Resource: win7-20240903-en

Behavioral task: behavioral2
  Sample: df1f792b6d13993bbef3ae12a58c3f59_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General
Target: df1f792b6d13993bbef3ae12a58c3f59_JaffaCakes118.html
Size: 202KB
MD5: df1f792b6d13993bbef3ae12a58c3f59
SHA1: a3af063c5838782274db2a8428947e0917e73775
SHA256: 577cb82aae24ba3027b9c5c8ecda52e25a73e5d9a3f81ed760a64a0e55fc4cd1
SHA512: b2a1a465bcf608ff2ae5d5660de42164563f9725023a2830e0c249f8ae46b8b5e2d28c41a3cb4de8a9331b99c6f583e978cb4f2bde30c85d2dbf9b1ca59e8d1d
SSDEEP: 6144:q330DH6NEQwjcHXxQRVufJc/09W4kUT85U:q0DHQmjcxQRVufJc/m
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                    Process
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid   Process
2312  msedge.exe           (2 entries)
2140  msedge.exe           (2 entries)
2388  identity_helper.exe  (2 entries)
3996  msedge.exe           (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
pid   Process
2140  msedge.exe  (8 entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
pid   Process
2140  msedge.exe  (25 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
pid   Process
2140  msedge.exe  (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
description                        pid   Process     procid_target
PID 2140 wrote to memory of 3812   2140  msedge.exe  83   (2 entries)
PID 2140 wrote to memory of 3216   2140  msedge.exe  84   (40 entries)
PID 2140 wrote to memory of 2312   2140  msedge.exe  85   (2 entries)
PID 2140 wrote to memory of 2592   2140  msedge.exe  86   (20 entries)
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\df1f792b6d13993bbef3ae12a58c3f59_JaffaCakes118.html
  PID: 2140
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  Child processes of PID 2140:

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff0d9e46f8,0x7fff0d9e4708,0x7fff0d9e4718
      PID: 3812

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,6221817765868376973,6807424498266092427,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
      PID: 3216

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,6221817765868376973,6807424498266092427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
      PID: 2312
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,6221817765868376973,6807424498266092427,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
      PID: 2592

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6221817765868376973,6807424498266092427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
      PID: 3112

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6221817765868376973,6807424498266092427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
      PID: 2992

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6221817765868376973,6807424498266092427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
      PID: 1060

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6221817765868376973,6807424498266092427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
      PID: 1164

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,6221817765868376973,6807424498266092427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4244 /prefetch:8
      PID: 2852

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,6221817765868376973,6807424498266092427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4244 /prefetch:8
      PID: 2388
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6221817765868376973,6807424498266092427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
      PID: 1596

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6221817765868376973,6807424498266092427,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
      PID: 640

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6221817765868376973,6807424498266092427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
      PID: 4576

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6221817765868376973,6807424498266092427,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2992 /prefetch:1
      PID: 3248

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,6221817765868376973,6807424498266092427,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=180 /prefetch:2
      PID: 3996
      - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2876

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2080
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: f9664c896e19205022c094d725f820b6
  SHA1: f8f1baf648df755ba64b412d512446baf88c0184
  SHA256: 7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e
  SHA512: 3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

- Filesize: 152B
  MD5: 847d47008dbea51cb1732d54861ba9c9
  SHA1: f2099242027dccb88d6f05760b57f7c89d926c0d
  SHA256: 10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1
  SHA512: bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

- Filesize: 111B
  MD5: 285252a2f6327d41eab203dc2f402c67
  SHA1: acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
  SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
  SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

- Filesize: 2KB
  MD5: 74e6635bfd51623639f0110114d0e47a
  SHA1: 56d2763e2e7c27865cb76095acdf72aceda2ca1f
  SHA256: 9b5a7b1877d510f68e61229e19f66e0f8619ab1f754e76c69ccae1378af39128
  SHA512: 1973e0663634a48534631e86b43523228400ef3fc648e8842c94c0fdf1ef8ca52eb603d9b817384d23d28ead784d720b8b04bb703df9e31ae5fa949cbcbe1d99

- Filesize: 5KB
  MD5: a370e830ec584fe706f555d99d1031f7
  SHA1: 501ca1a5c6879290a4ee35a0ed2886d42b11f806
  SHA256: fd720d32c0f710507109bfba259a239adf3abe7243e2731c18b1b63944c21a0f
  SHA512: 7de4d6d00674e7dfb96b2c9d326518b623b269d1aad804a781f45c9aca45747efd352321db76ff58a3091a0c0ac2408b409c9af2e813b9b6e3b439d0f20b351f

- Filesize: 7KB
  MD5: 0ec3b0d0065873ff15d81efc9023da8c
  SHA1: f53f73f033d6c1795278998267c719fdf589c78c
  SHA256: a4ab12af5c00876d93b65892838f3a50befff2012b2ab0a27b5c846af9962e0b
  SHA512: 989abbe5fa18c98da40d7aa4539285f2212d1450b2dfe35bce9641e0d3051998284b2d7d885eb332116dc7346cd960a5e31b274cbe433c5ad9cf989149cb6993

- Filesize: 6KB
  MD5: 6dbb23e2da3b416c5d226dd8f9386225
  SHA1: 1b8114a22801368aa72524dc09dfa6106eb1f4a0
  SHA256: 45d391dfc8c2798c0d6460c4c982715afaf120501a0a229033b542c227f4f713
  SHA512: e6bd6682e786b3868cd712085e563e4f2083b60260137d459f22b6d8c4155629528ad147c212c33c05ed8bd87f9e034806795596f6c9923f0963cb545e9002d6

- Filesize: 1KB
  MD5: f14e7c6bb996b08f416d8f3645151022
  SHA1: d77582791566a8986081a6ea62deee979840ebf1
  SHA256: 129d5e895414cb68c98d8660275d05f50f736d053930c17c30c23ad1c3fa3a7d
  SHA512: 44d0a4af00e30e672601abd35d83b4f073c48ef67e0d1a9992897f39a971fc4830b0a5268f1f201884074c88b0d2185c87cb7ac22edac2525e9c4d544f45f736

- Filesize: 707B
  MD5: 3233b4d8fa399c1f5fcced0bea6c2353
  SHA1: 5f03a56b3c24cd50ea20a7c234793cf34146b119
  SHA256: 4112fbc5970558f190efba9a74bc835d326cb2319eb64a2940b2f23600260ac5
  SHA512: ae2a9cf4f9814231b03b4a7dbe36b68f95d4c2eb956e2194ac96b01fb40a8d68f9bc612f89dcde71b78eb3de9fc995aebd710c6bf2e578755adbffd2ee2a69ff

- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

- Filesize: 10KB
  MD5: c17c6e4de7764f6abc1ec6dea3735b9a
  SHA1: 8ff36d99895c64de870ea16dc417a87ae7adc380
  SHA256: 8cdb80294de6601208cacbe500286e46256961212aeeeea339731a12df7ddcc3
  SHA512: 5fd572af1c1365b40d3372de14fc21b406b0c1493fdab455d2008d5daf4b711672d7756d3c0ce87fc278ec4dc45942fae445df4a859967535b167b07c3222325