Analysis
- max time kernel: 145s
- max time network: 143s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 14/09/2024, 16:18
- Static task static1
- Behavioral task behavioral1: sample e08f258d1f810cae348ec48f3e995371_JaffaCakes118.html, resource win7-20240903-en
- Behavioral task behavioral2: sample e08f258d1f810cae348ec48f3e995371_JaffaCakes118.html, resource win10v2004-20240802-en
General
- Target: e08f258d1f810cae348ec48f3e995371_JaffaCakes118.html
- Size: 36KB
- MD5: e08f258d1f810cae348ec48f3e995371
- SHA1: 33b80781838fe3d30402509fb1d65cceecf49e4b
- SHA256: 47cf77fd2528a609624d6b5248aff5865218f683c3b381feeb6779dd578ca0d2
- SHA512: 7e9c7416645cadf8af82244dba30fecda5b162896ce3056753bda901f09351708dd96440eef3283b75a6ab1074653753a1934560b5edbe527380b9f08a51abdb
- SSDEEP: 768:zwx/MDTHdV88hARXZPXOE1XnXrFLxNLlDNoPqkPTHlnkM3Gr6TuZO/6cLu6OxJy/:Q/7bJxNVqu6Sl/u8TK
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (process msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (process msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (process msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  - pid 1516 msedge.exe (2 IoCs)
  - pid 4272 msedge.exe (2 IoCs)
  - pid 4280 identity_helper.exe (2 IoCs)
  - pid 1860 msedge.exe (4 IoCs)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  - pid 4272 msedge.exe (6 IoCs)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  - pid 4272 msedge.exe (25 IoCs)
- Suspicious use of SendNotifyMessage (24 IoCs)
  - pid 4272 msedge.exe (24 IoCs)
- Suspicious use of WriteProcessMemory (64 IoCs, all from pid 4272 msedge.exe)
  - PID 4272 wrote to memory of 2596 (procid_target 86): 2 IoCs
  - PID 4272 wrote to memory of 320 (procid_target 87): 40 IoCs
  - PID 4272 wrote to memory of 1516 (procid_target 88): 2 IoCs
  - PID 4272 wrote to memory of 1148 (procid_target 89): 20 IoCs
Processes
- PID 4272: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\e08f258d1f810cae348ec48f3e995371_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - PID 2596: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb979446f8,0x7ffb97944708,0x7ffb97944718
  - PID 320: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,5304261743014225712,10164595764696418613,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  - PID 1516: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,5304261743014225712,10164595764696418613,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 1148: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,5304261743014225712,10164595764696418613,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  - PID 2968: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5304261743014225712,10164595764696418613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  - PID 3972: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5304261743014225712,10164595764696418613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  - PID 3976: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,5304261743014225712,10164595764696418613,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
  - PID 4280: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,5304261743014225712,10164595764696418613,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 4316: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5304261743014225712,10164595764696418613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  - PID 4412: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5304261743014225712,10164595764696418613,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  - PID 3520: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5304261743014225712,10164595764696418613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
  - PID 4720: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5304261743014225712,10164595764696418613,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  - PID 1860: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,5304261743014225712,10164595764696418613,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1276 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- PID 4224: C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID 3108: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads