Analysis
- max time kernel: 150s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 15/09/2024, 03:07
Static task: static1
Behavioral task: behavioral1
- Sample: e196123ee4f3939b8521d11e07ad65e7_JaffaCakes118.html
- Resource: win7-20240708-en
Behavioral task: behavioral2
- Sample: e196123ee4f3939b8521d11e07ad65e7_JaffaCakes118.html
- Resource: win10v2004-20240802-en
General
- Target: e196123ee4f3939b8521d11e07ad65e7_JaffaCakes118.html
- Size: 15KB
- MD5: e196123ee4f3939b8521d11e07ad65e7
- SHA1: 819c1d45a92a3cc7fcc30be9774af7bdf1abff1d
- SHA256: c91037ad0bdcffe4802023da1f4572268959c6e2145442e61ca9ca89001586a4
- SHA512: a716335daed2969817858b77ef0b4c1e6683108fe82d74e974d220bc00ff1b7cc47c840ea42d14a3d3fe81e4b1c995ee96af4e7370b03d68c00e031ca40f132b
- SSDEEP: 384:T48Id4kW4nfniCTWggdnr2fEud6EJ/W/ogZ:gdTnqCT0nNalJ/W/r
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  - PID 468 msedge.exe
  - PID 468 msedge.exe
  - PID 3124 msedge.exe
  - PID 3124 msedge.exe
  - PID 4208 identity_helper.exe
  - PID 4208 identity_helper.exe
  - PID 220 msedge.exe
  - PID 220 msedge.exe
  - PID 220 msedge.exe
  - PID 220 msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs, all from PID 3124 msedge.exe)
- Suspicious use of FindShellTrayWindow (25 IoCs, all from PID 3124 msedge.exe)
- Suspicious use of SendNotifyMessage (24 IoCs, all from PID 3124 msedge.exe)
- Suspicious use of WriteProcessMemory (64 IoCs: PID 3124 msedge.exe writing to the memory of its child processes)
Processes
- PID 3124: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\e196123ee4f3939b8521d11e07ad65e7_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - PID 1664: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8078f46f8,0x7ff8078f4708,0x7ff8078f4718
  - PID 1956: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,1047854708472973159,13616032644614768505,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  - PID 468: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,1047854708472973159,13616032644614768505,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 432: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,1047854708472973159,13616032644614768505,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
  - PID 3284: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1047854708472973159,13616032644614768505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3132 /prefetch:1
  - PID 4860: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1047854708472973159,13616032644614768505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3128 /prefetch:1
  - PID 1684: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,1047854708472973159,13616032644614768505,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8
  - PID 4208: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,1047854708472973159,13616032644614768505,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 368: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1047854708472973159,13616032644614768505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  - PID 2704: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1047854708472973159,13616032644614768505,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  - PID 4848: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1047854708472973159,13616032644614768505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
  - PID 4372: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1047854708472973159,13616032644614768505,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2112 /prefetch:1
  - PID 220: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,1047854708472973159,13616032644614768505,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2724 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- PID 2752: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID 1232: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads