Analysis
max time kernel: 145s
max time network: 139s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 15/09/2024, 06:04
Static task: static1
Behavioral task: behavioral1
  Sample: e1d88122f6696c833ad9c49451aabf37_JaffaCakes118.html
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: e1d88122f6696c833ad9c49451aabf37_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General
Target: e1d88122f6696c833ad9c49451aabf37_JaffaCakes118.html
Size: 460KB
MD5: e1d88122f6696c833ad9c49451aabf37
SHA1: 147604c1598e5aa239cc03071c4fbee12421c26e
SHA256: d257a4acf4e68bb64e1dc1f8fa02628026f8ec5ed922a99f7ee8e9b473535180
SHA512: 5e3ed0e819791c02726a4ca2d2875160254aa0eee0164afeeb9d39f826f76eb5c41146253097edf7e4ff705b2db594e2950d9b8aa72f0b57eb9b44d1e7a8468b
SSDEEP: 6144:SLsMYod+X3oI+Y8tsMYod+X3oI+YqsMYod+X3oI+YLsMYod+X3oI+YQ:e5d+X3655d+X3+5d+X315d+X3+
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                   Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid   Process
4412  msedge.exe
4412  msedge.exe
2740  msedge.exe
2740  msedge.exe
2600  identity_helper.exe
2600  identity_helper.exe
2280  msedge.exe
2280  msedge.exe
2280  msedge.exe
2280  msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid   Process
2740  msedge.exe
2740  msedge.exe
2740  msedge.exe
2740  msedge.exe
2740  msedge.exe
2740  msedge.exe
Suspicious use of FindShellTrayWindow (25 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes
- PID 2740  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\e1d88122f6696c833ad9c49451aabf37_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - PID 2372  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdfbb046f8,0x7ffdfbb04708,0x7ffdfbb04718
  - PID 3544  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,5238799162605703885,15649255423739490034,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  - PID 4412  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,5238799162605703885,15649255423739490034,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 4736  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,5238799162605703885,15649255423739490034,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
  - PID 4456  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5238799162605703885,15649255423739490034,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  - PID 2004  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5238799162605703885,15649255423739490034,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  - PID 1372  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,5238799162605703885,15649255423739490034,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 /prefetch:8
  - PID 2600  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,5238799162605703885,15649255423739490034,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 400  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5238799162605703885,15649255423739490034,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
  - PID 1940  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5238799162605703885,15649255423739490034,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  - PID 2324  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5238799162605703885,15649255423739490034,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  - PID 3024  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5238799162605703885,15649255423739490034,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  - PID 2280  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,5238799162605703885,15649255423739490034,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- PID 544  C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID 1512  C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads