Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 14/09/2024, 10:28

Static task: static1
Behavioral task: behavioral1
  Sample: e0012a567f01e778c77904f2c49e87cd_JaffaCakes118.html
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: e0012a567f01e778c77904f2c49e87cd_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General
Target: e0012a567f01e778c77904f2c49e87cd_JaffaCakes118.html
Size: 132KB
MD5: e0012a567f01e778c77904f2c49e87cd
SHA1: ce94406222fbfd66483f410a9a7f60c772459765
SHA256: 1b2a6be927eb3372ac1dbd51991a9d7f38ed4c8cb78845e2d20a29d166333e29
SHA512: 5f15e8b62b6a8e241cf56b514b2c32da6fadd2d8f35d0e99879ce7dd1bcb599a101182c2bcbd04c794f10ce6615fc53b9ef34836cef5e0d08f3c666691f55996
SSDEEP: 3072:G9IOpiiN1iWhTzyAgJLJxD7csUFETC7R+BcmlFVLU1N00ro71Yc6D7ojznHN:UTRgJLJxD7csUFETC7R+BcmlFVLU1N03
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                    Process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid    Process
  1228   msedge.exe (2 entries)
  2392   msedge.exe (2 entries)
  3484   identity_helper.exe (2 entries)
  2304   msedge.exe (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid    Process
  2392   msedge.exe (6 entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid    Process
  2392   msedge.exe (25 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid    Process
  2392   msedge.exe (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                        pid    Process      procid_target
  PID 2392 wrote to memory of 2820   2392   msedge.exe   83
  PID 2392 wrote to memory of 1968   2392   msedge.exe   84
  PID 2392 wrote to memory of 1228   2392   msedge.exe   85
  PID 2392 wrote to memory of 4332   2392   msedge.exe   86
  (each row above is repeated in the original listing; 64 entries in total)
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2392)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\e0012a567f01e778c77904f2c49e87cd_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2820)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff6c0f46f8,0x7fff6c0f4708,0x7fff6c0f4718

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1968)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,14294123865692739670,6582442742596487488,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2296 /prefetch:2

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1228)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2236,14294123865692739670,6582442742596487488,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4332)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2236,14294123865692739670,6582442742596487488,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5104)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,14294123865692739670,6582442742596487488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1120)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,14294123865692739670,6582442742596487488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4640)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,14294123865692739670,6582442742596487488,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3484)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,14294123865692739670,6582442742596487488,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 460)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,14294123865692739670,6582442742596487488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4500)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,14294123865692739670,6582442742596487488,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1920)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,14294123865692739670,6582442742596487488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2184)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,14294123865692739670,6582442742596487488,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2304)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,14294123865692739670,6582442742596487488,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4748 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe (PID 3840)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 4272)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads