Analysis
- max time kernel: 148s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 15/09/2024, 07:02
Static task
static1
Behavioral task
behavioral1
Sample
e1f1b345190bafc12444aa1381145bfb_JaffaCakes118.html
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
e1f1b345190bafc12444aa1381145bfb_JaffaCakes118.html
Resource
win10v2004-20240802-en
General
- Target: e1f1b345190bafc12444aa1381145bfb_JaffaCakes118.html
- Size: 201KB
- MD5: e1f1b345190bafc12444aa1381145bfb
- SHA1: 36c5b8607593a5e35fb8e5478be5f49fed9846fe
- SHA256: 9cbd6924944eae0b684a27ab622f5d66c4428773788ba9dfb994a36185221b3d
- SHA512: beebc71d6d4d84eceb8cfa64758a034f902a23e234486eec066b57029591463ce6d4a79fc07cb5412351df15edcd451d52ec9103bfeacd35b49e10bdae2a8086
- SSDEEP: 3072:qCcpnouZ0bY6Zuy34yag+qVvu02zuxTFqUIiFM1Ynk9FwQqzasMh30NrX:ApnT0bYMM1YMsMG1
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (11 IoCs)
  pid | Process
  2916 | msedge.exe
  2916 | msedge.exe
  1044 | msedge.exe
  1044 | msedge.exe
  1044 | msedge.exe
  1168 | identity_helper.exe
  1168 | identity_helper.exe
  4368 | msedge.exe
  4368 | msedge.exe
  4368 | msedge.exe
  4368 | msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid | Process
  1044 | msedge.exe
  1044 | msedge.exe
  1044 | msedge.exe
  1044 | msedge.exe
  1044 | msedge.exe
  1044 | msedge.exe
- Suspicious use of FindShellTrayWindow (25 IoCs, all from pid 1044 msedge.exe)
- Suspicious use of SendNotifyMessage (24 IoCs, all from pid 1044 msedge.exe)
- Suspicious use of WriteProcessMemory (64 IoCs, all from pid 1044 msedge.exe writing to its child processes)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\e1f1b345190bafc12444aa1381145bfb_JaffaCakes118.html
  PID: 1044
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff636c46f8,0x7fff636c4708,0x7fff636c4718
    PID: 2204
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,15912378275892169897,6235090574176132357,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2000 /prefetch:2
    PID: 2976
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1992,15912378275892169897,6235090574176132357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2520 /prefetch:3
    PID: 2916
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1992,15912378275892169897,6235090574176132357,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
    PID: 2892
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,15912378275892169897,6235090574176132357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
    PID: 2900
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,15912378275892169897,6235090574176132357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
    PID: 4076
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,15912378275892169897,6235090574176132357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 /prefetch:8
    PID: 2352
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,15912378275892169897,6235090574176132357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 /prefetch:8
    PID: 1168
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,15912378275892169897,6235090574176132357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
    PID: 1240
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,15912378275892169897,6235090574176132357,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
    PID: 4012
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,15912378275892169897,6235090574176132357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1952 /prefetch:1
    PID: 1388
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,15912378275892169897,6235090574176132357,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
    PID: 2620
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,15912378275892169897,6235090574176132357,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4192 /prefetch:2
    PID: 4368
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4148
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4808
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: eeaa8087eba2f63f31e599f6a7b46ef4
  SHA1: f639519deee0766a39cfe258d2ac48e3a9d5ac03
  SHA256: 50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9
  SHA512: eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c
- Filesize: 152B
  MD5: b9569e123772ae290f9bac07e0d31748
  SHA1: 5806ed9b301d4178a959b26d7b7ccf2c0abc6741
  SHA256: 20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b
  SHA512: cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795
- Filesize: 785B
  MD5: 9e8443bfc04c728297d756bd18b3acb3
  SHA1: e80f24a7422fe7f5ec429075052a17b4e20639da
  SHA256: 940bce4cb5eb43453843f0af29392e726cfdd28c6dc428cddff3e21ac490648b
  SHA512: 631e9dce919737d27603c90cbf4e0537a441887a05a85a39c03ea016647fe1b8f5af3547dd5011089cb02e485aaf6c16eb6ee1524e955bd26f3ed5d7d635cd04
- Filesize: 6KB
  MD5: 695ad4b51ae5b9d96a20ebe66e2761ea
  SHA1: 9f591d1fa39a629b189b3ba168d277d49008cef4
  SHA256: 564c22d82c8d330a779e34970ca25df25b2cffe950ec06134b75747c9d9b99a9
  SHA512: 8cc21b5562cf44bced82ffb8d53e1cfafe92015a7c8a2e15f95dc8bf5b3abbcadb42e6c2dbc1f26c395302ae8802c1e313146b3c423c42a238d552652341ed78
- Filesize: 5KB
  MD5: f491d555f57090bdfa1b2b7a60a18029
  SHA1: 5d2e33c3489147e615dbfedec716202bae8b8b14
  SHA256: b1a80d327d72b7ddd6c6891ee7ae9a08e52ff7eeeec86beb610e39658600aa68
  SHA512: 20c8ac4ac7b1ee64fbb201ef98e8d7fa186b2e1c14be81fe4e386db41cf86df960d7f1f59075ad8df80c67b41f2c77bf70d9bca19cd5b0fa8c64314efa78fba2
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 10KB
  MD5: 2983780bb072dc74968778845a3733aa
  SHA1: 31a3ecf775ca5c0479834877619d66521adb86e9
  SHA256: 18e42d17d1240f44ed8b8fce5609e758e7f2b7a8d28a52af23d8c8338cd67613
  SHA512: 5cd2a311a4c3c46446a868169cf98c089905376bdae607b4aaef1a5c5d89767702d996ab35379f64ffd098b778a2a1d45076793e2f1c8da26dd36c91d3a1c7fe