Analysis
- max time kernel: 145s
- max time network: 145s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 18/09/2024, 21:36
Static task: static1
Behavioral task: behavioral1
- Sample: ea035fd00a24b0dc265965668a9ecf70_JaffaCakes118.html
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: ea035fd00a24b0dc265965668a9ecf70_JaffaCakes118.html
- Resource: win10v2004-20240802-en
General
- Target: ea035fd00a24b0dc265965668a9ecf70_JaffaCakes118.html
- Size: 139KB
- MD5: ea035fd00a24b0dc265965668a9ecf70
- SHA1: 5f4d793cef47f9bfd186282e3197c2560508c201
- SHA256: e98f7b1ef956f58bae722f259d88d207209801e5d3d784fb07d222a2ffaa5166
- SHA512: ff86f9ee7dfb15635b23b6215fbf696dc9a1f90331e5019851426bdb3f5dd5513a16b13b57b76f3e50f31a4cd0bd0d244c507b613bde1eb4aab7f1f57eca2d9e
- SSDEEP: 1536:S0iva1lExCil0yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJruH:S0iK5yfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid | Process
  4784 | msedge.exe (2 entries)
  1680 | msedge.exe (2 entries)
  3168 | msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid | Process
  1680 | msedge.exe (2 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  1680 | msedge.exe (all 25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  1680 | msedge.exe (all 24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 1680 wrote to memory of 388 | 1680 | msedge.exe | 82
  PID 1680 wrote to memory of 5024 | 1680 | msedge.exe | 83
  PID 1680 wrote to memory of 4784 | 1680 | msedge.exe | 84
  PID 1680 wrote to memory of 2156 | 1680 | msedge.exe | 85
  All 64 entries are repeats of these four rows: the writer is always the browser process 1680, and every target (388, 5024, 4784, 2156) is one of its own child processes in the tree below.

Note on reading this table: every signature is attributed to msedge.exe or to a child that msedge.exe spawned, and the process tree contains no process launched from the Edge tree other than Edge's own helpers (the only non-Edge processes are two CompPkgSrv.exe instances). The report therefore records browser start-up activity, not behaviour of the HTML content itself.
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1680)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ea035fd00a24b0dc265965668a9ecf70_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 388, crashpad handler)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9addf46f8,0x7ff9addf4708,0x7ff9addf4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5024, GPU process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,7788700247846774691,12438646554833900042,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4784, network service)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,7788700247846774691,12438646554833900042,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2156, storage service)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,7788700247846774691,12438646554833900042,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1568, renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7788700247846774691,12438646554833900042,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 516, renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7788700247846774691,12438646554833900042,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3168, GPU process, started with --disable-gpu-sandbox)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,7788700247846774691,12438646554833900042,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 4116)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 1760)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
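A check a triager would run on a report like this one, added here as an example that is not part of the tria.ge output or of any Edge/Chromium code: take the command lines from the Processes section and the rows of the WriteProcessMemory signature, and verify that every process the browser wrote into is one of its own Chromium helpers (recognisable by `--type` and the `--field-trial-handle` shared across the helpers), while also listing helpers started with a weakened sandbox (`--service-sandbox-type=none`, `--disable-gpu-sandbox`). The command lines and the IoC rows below are copied from this page (the long `--gpu-preferences` blobs are dropped and only a few IoC rows per target are kept); the parent/child layout follows the page's depth markers, and all function names are this example's own.

```python
"""Cross-check the Signatures table against the Processes tree of a tria.ge
report. Added example, not part of the report or of Edge/Chromium; the
input data is copied from the page, the helper names are this example's."""
import re
from collections import Counter

EDGE = r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"'
FTH = "--field-trial-handle=2180,7788700247846774691,12438646554833900042,131072"

# Process tree from the report: PID -> (parent PID, command line). Depth 2
# entries on the page hang off the depth-1 browser process, PID 1680.
PROCESSES = {
    1680: (None, EDGE + r" --single-argument C:\Users\Admin\AppData\Local\Temp\ea035fd00a24b0dc265965668a9ecf70_JaffaCakes118.html"),
    388:  (1680, EDGE + r' --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --annotation=plat=Win64 --annotation=ver=92.0.902.67'),
    5024: (1680, EDGE + " --type=gpu-process " + FTH + " --mojo-platform-channel-handle=2208 /prefetch:2"),
    4784: (1680, EDGE + " --type=utility --utility-sub-type=network.mojom.NetworkService " + FTH + " --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3"),
    2156: (1680, EDGE + " --type=utility --utility-sub-type=storage.mojom.StorageService " + FTH + " --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8"),
    1568: (1680, EDGE + " --type=renderer " + FTH + " --lang=en-US --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1"),
    516:  (1680, EDGE + " --type=renderer " + FTH + " --lang=en-US --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1"),
    3168: (1680, EDGE + " --type=gpu-process " + FTH + " --disable-gpu-sandbox --use-gl=disabled --mojo-platform-channel-handle=1740 /prefetch:2"),
    4116: (None, r"C:\Windows\System32\CompPkgSrv.exe -Embedding"),
    1760: (None, r"C:\Windows\System32\CompPkgSrv.exe -Embedding"),
}

# Excerpt of the flattened "Suspicious use of WriteProcessMemory" rows from the
# report (the page lists 64 rows, all written by PID 1680; a few are kept here).
WPM_IOC_EXCERPT = (
    "PID 1680 wrote to memory of 388 1680 msedge.exe 82 "
    "PID 1680 wrote to memory of 388 1680 msedge.exe 82 "
    "PID 1680 wrote to memory of 5024 1680 msedge.exe 83 "
    "PID 1680 wrote to memory of 5024 1680 msedge.exe 83 "
    "PID 1680 wrote to memory of 4784 1680 msedge.exe 84 "
    "PID 1680 wrote to memory of 2156 1680 msedge.exe 85"
)

TOKEN = re.compile(r'"[^"]*"|\S+')
WPM_ROW = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\d+)")


def parse_cmdline(cmd):
    """Split a Windows command line (double-quoted tokens kept whole) into the
    image path and a {flag: value} dict; bare --flags map to None, anything
    that is not a --flag is collected under '_positional'."""
    tokens = [t.strip('"') for t in TOKEN.findall(cmd)]
    image, flags = tokens[0], {}
    for tok in tokens[1:]:
        if tok.startswith("--"):
            key, sep, val = tok[2:].partition("=")
            flags[key] = val if sep else None
        else:
            flags.setdefault("_positional", []).append(tok)
    return image, flags


def chromium_role(flags):
    """Chromium names each helper with --type (plus --utility-sub-type for
    utility processes); the browser process itself carries no --type."""
    kind = flags.get("type")
    if kind is None:
        return "browser"
    sub = flags.get("utility-sub-type")
    return f"{kind}/{sub}" if sub else kind


def audit_tree(processes):
    """Classify every process and collect what a triager checks first:
    children of the browser that are not Chromium helpers, the set of
    field-trial handles (one per browser session), and helpers whose
    sandbox was weakened on the command line."""
    roles, foreign, relaxed, handles = {}, [], [], set()
    for pid, (ppid, cmd) in processes.items():
        image, flags = parse_cmdline(cmd)
        if not image.lower().endswith("msedge.exe"):
            roles[pid] = "non-edge:" + image.rsplit("\\", 1)[-1]
            if ppid is not None:
                foreign.append(pid)          # Edge launched a non-Edge binary
            continue
        roles[pid] = chromium_role(flags)
        if ppid is not None and roles[pid] == "browser":
            foreign.append(pid)              # msedge.exe child without --type
        if "field-trial-handle" in flags:
            handles.add(flags["field-trial-handle"])
        if "disable-gpu-sandbox" in flags or flags.get("service-sandbox-type") == "none":
            relaxed.append(pid)
    return {"roles": roles, "foreign_children": foreign,
            "relaxed_sandbox": relaxed, "field_trial_handles": handles}


def parse_write_process_memory(text):
    """Collapse the repeated IoC rows into Counter[(writer pid, target pid)]."""
    return Counter((int(src), int(dst))
                   for src, dst, _proc, _procid in WPM_ROW.findall(text))


def unexplained_targets(wpm, processes):
    """WriteProcessMemory targets that are not Chromium helpers spawned by the
    writer itself. An empty set means the signature is the browser setting up
    its own children rather than writing into a foreign process."""
    roles = audit_tree(processes)["roles"]
    return {dst for (src, dst) in wpm
            if processes.get(dst, (None,))[0] != src
            or roles.get(dst) in (None, "browser")
            or roles[dst].startswith("non-edge")}


if __name__ == "__main__":
    report = audit_tree(PROCESSES)
    for pid, role in sorted(report["roles"].items()):
        print(f"{pid:>5}  {role}")
    print("foreign children:", report["foreign_children"])
    print("relaxed sandbox:", report["relaxed_sandbox"])
    print("distinct field-trial handles:", len(report["field_trial_handles"]))
    wpm = parse_write_process_memory(WPM_IOC_EXCERPT)
    print("WriteProcessMemory targets:", sorted({d for _, d in wpm}))
    print("unexplained targets:", unexplained_targets(wpm, PROCESSES))
```

On this report the check comes back clean: every WriteProcessMemory target is an msedge.exe helper spawned by PID 1680, all helpers that carry a field-trial handle carry the same one, and the only sandbox-relaxing flags are on the network service (PID 4784, `--service-sandbox-type=none`) and the second GPU process (PID 3168, `--disable-gpu-sandbox`). A non-empty `foreign_children` or `unexplained_targets` result on another report would be the point at which the same signatures stop being browser noise.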
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: e4f80e7950cbd3bb11257d2000cb885e
  SHA1: 10ac643904d539042d8f7aa4a312b13ec2106035
  SHA256: 1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124
  SHA512: 2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0
- Filesize: 152B
  MD5: 2dc1a9f2f3f8c3cfe51bb29b078166c5
  SHA1: eaf3c3dad3c8dc6f18dc3e055b415da78b704402
  SHA256: dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa
  SHA512: 682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25
- Filesize: 477B
  MD5: 3876b7ed96d06bece4a4260b68f19319
  SHA1: d5a6ddc7da81f2d448593f048dd8c188ddea66d5
  SHA256: 4b6a1541fbbd171a126acfdc85bc961c4538f623158aacc39fe3771e5911cc02
  SHA512: f78ea7dc3863933e4b52b5c73b44dc985fde3572e21c2ac9b23a89b09d85ac4777ea6434dea4bc9ce24fb9d76021894ede3240071e77bd596d9904847a2c04b4
- Filesize: 5KB
  MD5: 2483d31e95cdac78ff19a8d3a5b4caa8
  SHA1: 025018fe67f84267218961806f625347792a2310
  SHA256: afdb6bd27a87d02362456aa6bb262dfb6e9914f72e5a2ad9c0d13cfe0be899c7
  SHA512: 9414b87307f37752ec95efe6a2b4cfe4aec9e09f8ddc8d6ec49c0946fbafef8353819e5f4e68666abaac4b36b5392248579956d6c38bbd8fe6eb65f34ab76a0e
- Filesize: 6KB
  MD5: 3c41c73e1c24b7010f347c5762fec892
  SHA1: b1d755983fd24631d3bba24ee9455026737629bb
  SHA256: 8fecfcd8275ffaa3c9bdb72238798a7b537bf29cfabc6d48e9f6094e62cbe4de
  SHA512: 2e9530aa9a55764000c1fcd2c0df392be87267ddbe3b0c097050d89ae2fa8ba77f5f162babb9c340007a2720718ff612db5aba66d254e04ff9ea3a263a16ae7d
- Filesize: 10KB
  MD5: 3f46fcf87b3e2615428309a982b4bcbb
  SHA1: 7e3d6cc5886a393fc6fd5d826df7cb02096c3592
  SHA256: b3a1ce086c1b55ec92d6974f85d226559df0c11e331e1a10d82c0ba0de597573
  SHA512: d75862bdec89098db6e3f317cb414090490f36eb30464b33cec9c2ee059012786b0a17684965ce972ab118e8438734f805bc08ab37d78e0b4988e30fc02df8f0