Analysis
Max time kernel: 149s
Max time network: 150s
Platform: windows10-2004_x64
Resource: win10v2004-20240802-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 14/09/2024, 18:02

Static task: static1
Behavioral task: behavioral1
  Sample: e0bb656185aacf7558f101f4cfd0e432_JaffaCakes118.html
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: e0bb656185aacf7558f101f4cfd0e432_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General
Target: e0bb656185aacf7558f101f4cfd0e432_JaffaCakes118.html
Size: 4KB
MD5: e0bb656185aacf7558f101f4cfd0e432
SHA1: 9dbf056fb60e07b80d6573ef4d8798ce828bd738
SHA256: 9bc93a27547485d573f367096bd804194cb1e70ae1d1c7eb54184aedf6b2d319
SHA512: 2a7aaaeaec0b3283a0958817674f45bd829ba9e2d0f8709ed05af71384e20810654ce8ca36a3fe08aad16983760686822a604f158479f8088bbb304ef23f342e
SSDEEP: 96:Pk7yJozTGknaEFHVKDZTBJl7sNjtXATIQFMA5e3fhrvDJUgwa71D5iJ8oOABd:Pk7yY1aEFHVKtF37sNjtXATIQFM93pDY
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                     Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs; identical rows collapsed, in original order)
  pid   Process              occurrences
  1480  msedge.exe           2
  4804  msedge.exe           2
  3484  identity_helper.exe  2
  2708  msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs; identical rows collapsed)
  pid   Process     occurrences
  4804  msedge.exe  6

Suspicious use of FindShellTrayWindow (25 IoCs; identical rows collapsed)
  pid   Process     occurrences
  4804  msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs; identical rows collapsed)
  pid   Process     occurrences
  4804  msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs; identical rows collapsed, in original order)
  description                       pid   Process     procid_target
  PID 4804 wrote to memory of 424   4804  msedge.exe  83
  PID 4804 wrote to memory of 2104  4804  msedge.exe  85
  PID 4804 wrote to memory of 1480  4804  msedge.exe  86
  PID 4804 wrote to memory of 4148  4804  msedge.exe  87
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4804)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\e0bb656185aacf7558f101f4cfd0e432_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 424)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff7cdf46f8,0x7fff7cdf4708,0x7fff7cdf4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2104)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,7940813937114605024,4369159044679327309,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1480)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,7940813937114605024,4369159044679327309,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4148)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,7940813937114605024,4369159044679327309,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 828)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7940813937114605024,4369159044679327309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3620)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7940813937114605024,4369159044679327309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3284)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,7940813937114605024,4369159044679327309,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3484)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,7940813937114605024,4369159044679327309,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2996)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7940813937114605024,4369159044679327309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4276 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3892)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7940813937114605024,4369159044679327309,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2480 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3128)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7940813937114605024,4369159044679327309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 724)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7940813937114605024,4369159044679327309,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2708)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,7940813937114605024,4369159044679327309,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4372 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 4400)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 4284)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads