Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 148s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 19/09/2024, 02:21
Static task: static1
Behavioral task: behavioral1
- Sample: ea69080621b4ea97638c6d33e510f043_JaffaCakes118.html
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: ea69080621b4ea97638c6d33e510f043_JaffaCakes118.html
- Resource: win10v2004-20240802-en
General
- Target: ea69080621b4ea97638c6d33e510f043_JaffaCakes118.html
- Size: 28KB
- MD5: ea69080621b4ea97638c6d33e510f043
- SHA1: 4265f6bbb09aa44548d1177c0f113bc61deeb35b
- SHA256: 36727013ecd1b36a805920356b1069b1b322194ec5a6a7e7e457379cc67a7421
- SHA512: 711b1944924bb74bb468cfdad3b0da5caf0fe9f7ff7ec48037c6a91a184b7cacf7710931d77a49ebe0cbb54401f30c95da6d35c1f2c1805d0f59f8b9f43f8b9e
- SSDEEP: 768:tlxMRoe8CSrCZSl5pxvhHpIaE5iFJesC8/k20yWypnk:mRiv2Sl5pxvhJMyRnG
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Columns: description, ioc, process
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  Columns: pid, process
  - 1676 msedge.exe (2 rows)
  - 1756 msedge.exe (2 rows)
  - 3340 msedge.exe (4 rows)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
  - 1756 msedge.exe (all 4 rows)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  - 1756 msedge.exe (all 25 rows)
- Suspicious use of SendNotifyMessage (24 IoCs)
  - 1756 msedge.exe (all 24 rows)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Columns: description, pid, process, procid_target. Each of the 64 rows is one of the following four entries; the 3944 and 1676 rows appear twice each, and the remaining rows are repeats of the 4008 and 4920 entries.
  - PID 1756 wrote to memory of 3944, 1756, msedge.exe, 82
  - PID 1756 wrote to memory of 4008, 1756, msedge.exe, 83
  - PID 1756 wrote to memory of 1676, 1756, msedge.exe, 84
  - PID 1756 wrote to memory of 4920, 1756, msedge.exe, 85
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ea69080621b4ea97638c6d33e510f043_JaffaCakes118.html
  PID: 1756
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Children of PID 1756:
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff0d9e46f8,0x7fff0d9e4708,0x7fff0d9e4718
    PID: 3944
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,15492482826973156798,15151781734066127790,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
    PID: 4008
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,15492482826973156798,15151781734066127790,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
    PID: 1676
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,15492482826973156798,15151781734066127790,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
    PID: 4920
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,15492482826973156798,15151781734066127790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
    PID: 4728
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,15492482826973156798,15151781734066127790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
    PID: 392
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,15492482826973156798,15151781734066127790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4580 /prefetch:1
    PID: 5072
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,15492482826973156798,15151781734066127790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1720 /prefetch:1
    PID: 3196
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,15492482826973156798,15151781734066127790,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5220 /prefetch:2
    PID: 3340
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1324
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2420
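Every signature in this report fires on msedge.exe, and every WriteProcessMemory target is another msedge.exe helper that the browser process launched itself (crashpad handler, GPU process, utility services, renderers). That is what a Chromium-based browser's multi-process start-up looks like, not a write into a foreign process, but the 64 repeated rows make that hard to see at a glance. The script below is an added example, not part of the tria.ge report and not tria.ge tooling: it parses the process tree and the IoC rows in the shape the report presents them, collapses the rows to per-target counts, and flags any write whose target is missing from the tree, is a different binary, or is not one of the expected child types. The set of expected `--type` values is an assumption taken from this report; the sample input is constructed from the report's own rows (command lines trimmed to the flags the parser needs) plus one deliberately bogus row aimed at PID 9999, which does not exist in the report, so that a flagged result is visible.

```python
"""Collapse and sanity-check the WriteProcessMemory rows of a sandbox report.

Added example for this page, not part of the tria.ge report or its tooling.
Input: process-tree lines "<depth> <command line> PID:<pid>" and
"PID A wrote to memory of B" IoC rows. Sample data below is constructed from
this report plus one bogus row (target PID 9999, absent from the report).
"""
import re
from collections import Counter
from dataclasses import dataclass

# --type values of the helpers a Chromium-based browser launches itself. A write
# from the browser process into one of these is launch bootstrap, not injection
# into a foreign process. Assumption: the set is the one seen in this report.
EXPECTED_CHILD_TYPES = {"crashpad-handler", "gpu-process", "utility", "renderer"}

TREE_RE = re.compile(r"^(?P<depth>\d+)\s+(?P<cmd>.+?)\s+PID:(?P<pid>\d+)$")
EXE_RE = re.compile(r'^"?(?P<exe>[^"]+?\.exe)"?')
TYPE_RE = re.compile(r"--type=(?P<type>\S+)")
# One IoC row in tria.ge column order: description, pid, process, procid_target.
WPM_RE = re.compile(r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) "
                    r"(?P<pid>\d+) (?P<image>\S+) (?P<target_id>\d+)")


@dataclass(frozen=True)
class Proc:
    pid: int
    depth: int
    image: str  # executable basename, lower-cased
    ptype: str  # value of --type, or "main" when launched without one


def parse_tree(text: str) -> dict[int, Proc]:
    """Map pid -> Proc for every line matching TREE_RE."""
    procs: dict[int, Proc] = {}
    for line in text.splitlines():
        m = TREE_RE.match(line.strip())
        if not m:
            continue
        cmd = m["cmd"]
        exe = EXE_RE.match(cmd)["exe"]
        t = TYPE_RE.search(cmd)
        pid = int(m["pid"])
        procs[pid] = Proc(pid, int(m["depth"]), exe.rsplit("\\", 1)[-1].lower(),
                          t["type"] if t else "main")
    return procs


def parse_writes(text: str) -> list[tuple[int, int, str]]:
    """(source pid, target pid, source image) per row. Rows may be one per line
    or run together on one line, as the report shows them."""
    return [(int(m["src"]), int(m["dst"]), m["image"].lower())
            for m in WPM_RE.finditer(text)]


def triage_writes(procs: dict[int, Proc], writes: list[tuple[int, int, str]]):
    """Collapse rows to (src, dst) -> count and flag any write that is not
    'process -> one of its own expected child types'."""
    counts = Counter((src, dst) for src, dst, _ in writes)
    image_of = {(src, dst): img for src, dst, img in writes}
    flagged = []
    for (src, dst), n in sorted(counts.items()):
        target = procs.get(dst)
        if target is None:
            flagged.append((src, dst, n, "target not in process tree"))
        elif (target.image != image_of[(src, dst)]
              or target.ptype not in EXPECTED_CHILD_TYPES):
            flagged.append((src, dst, n, f"{target.image} --type={target.ptype}"))
    return counts, flagged


# Constructed from this report's process tree (command lines trimmed to the
# flags the parser needs) and from its WriteProcessMemory rows.
EDGE = r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"'
TREE = rf"""
1 {EDGE} --single-argument C:\Users\Admin\AppData\Local\Temp\ea69080621b4ea97638c6d33e510f043_JaffaCakes118.html PID:1756
2 {EDGE} --type=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" PID:3944
2 {EDGE} --type=gpu-process --mojo-platform-channel-handle=2128 /prefetch:2 PID:4008
2 {EDGE} --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none PID:1676
2 {EDGE} --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility PID:4920
2 {EDGE} --type=renderer --renderer-client-id=6 --mojo-platform-channel-handle=3224 /prefetch:1 PID:4728
2 {EDGE} --type=renderer --renderer-client-id=5 --mojo-platform-channel-handle=3232 /prefetch:1 PID:392
2 {EDGE} --type=renderer --renderer-client-id=7 --mojo-platform-channel-handle=4580 /prefetch:1 PID:5072
2 {EDGE} --type=renderer --renderer-client-id=8 --mojo-platform-channel-handle=1720 /prefetch:1 PID:3196
2 {EDGE} --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --mojo-platform-channel-handle=5220 /prefetch:2 PID:3340
1 C:\Windows\System32\CompPkgSrv.exe -Embedding PID:1324
1 C:\Windows\System32\CompPkgSrv.exe -Embedding PID:2420
"""
WRITES = """
PID 1756 wrote to memory of 3944 1756 msedge.exe 82
PID 1756 wrote to memory of 3944 1756 msedge.exe 82
PID 1756 wrote to memory of 4008 1756 msedge.exe 83
PID 1756 wrote to memory of 4008 1756 msedge.exe 83
PID 1756 wrote to memory of 4008 1756 msedge.exe 83
PID 1756 wrote to memory of 1676 1756 msedge.exe 84
PID 1756 wrote to memory of 1676 1756 msedge.exe 84
PID 1756 wrote to memory of 4920 1756 msedge.exe 85
PID 1756 wrote to memory of 4920 1756 msedge.exe 85
PID 1756 wrote to memory of 9999 1756 msedge.exe 90
"""  # last row is constructed: PID 9999 does not appear in this report


def report(tree: str = TREE, writes: str = WRITES) -> str:
    """Human-readable summary: one line per (src, dst) pair, then FLAG lines."""
    procs = parse_tree(tree)
    counts, flagged = triage_writes(procs, parse_writes(writes))
    out = []
    for (src, dst), n in sorted(counts.items()):
        t = procs.get(dst)
        what = f"{t.image} --type={t.ptype}" if t else "unknown"
        out.append(f"{src} -> {dst}: {n} write(s), target {what}")
    out += [f"FLAG {src} -> {dst} ({n}): {why}" for src, dst, n, why in flagged]
    return "\n".join(out)
```

To reuse it on another report, paste that report's tree lines into `TREE` (depth, command line, `PID:` in that order) and its IoC rows into `WRITES`; the rows can stay run together on one line exactly as the page shows them. A clean result means only that the writes match the browser's own launch pattern; it says nothing about what the page's script did inside the renderer, which none of the signatures listed here cover.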
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: f9664c896e19205022c094d725f820b6
  SHA1: f8f1baf648df755ba64b412d512446baf88c0184
  SHA256: 7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e
  SHA512: 3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae
- Filesize: 152B
  MD5: 847d47008dbea51cb1732d54861ba9c9
  SHA1: f2099242027dccb88d6f05760b57f7c89d926c0d
  SHA256: 10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1
  SHA512: bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f
- Filesize: 818B
  MD5: 78fe1fc945edf15c943608e4e3cade5b
  SHA1: a11c79c0c4c190dc8f2bef34f5eeff25e16c75a1
  SHA256: 606e98d4981ac086edcca52e9444db27f9a54653b66d7bec39ab943ff3ca3654
  SHA512: 5830d2000529e576bfe5224423288b16e41a4d8fd596c4e6e8a31bf65c392468803e758ef92f9c11f5cb874aa5c6181ee84130e3ddc1bc83dcf46b6f8066e258
- Filesize: 5KB
  MD5: cb25716f94c387cbfbbb140dc98b4956
  SHA1: b2cd7d8e44ea3bf81d935a37836f838cd101b562
  SHA256: 706fc2f5222a9c6ac714d498a36edad4224ff21e64cc02ff1297b5a1eb5cb038
  SHA512: eb215a73a92a56b94d77e274788eea126060f87f66ce5d03024860305c101581076df416698655386861280341ec1ab1f0f0e1870c4c76f326801856737e14c7
- Filesize: 6KB
  MD5: 1880c23b9334d25c7333a786b840ef29
  SHA1: ed033b5104666e4e542ebfa69659c64d1a512112
  SHA256: eb065c81923d660a8544a7a9b2754b4fba087ead063c5c1f5d782cce3bda3f2f
  SHA512: 486eb92a508ad4d097efd80cd71a5d8916cb6f7ced6c70e5f57a6c78925353b0acd3e97bfaa6ab2c0d84f098fd520b717bf8ea699addc4b90d5bf95328385d1a
- Filesize: 6KB
  MD5: adef018a6e10f8655452960fe2236def
  SHA1: 7dd4f8dc1b6f64580d88014811cfbd1102147214
  SHA256: 0a2a92fc33b1d074f402d15131e4a4341035c701ce58567b6b5579e992dc7e6f
  SHA512: 74cbb4e77c1a46a3e62808cc4ffd9a7ab6463187ca6c24d491ed4088ab81637157a58131adb83ce50948c3572ffa17ae465c1391be19631b0f18ab8bd71db50a
- Filesize: 10KB
  MD5: e71cf1cccba31a117bb1e60dd33fe31d
  SHA1: b627149ddff9ce445116e284c1b2ba1578980b4c
  SHA256: eee4a8a9b8b9f11459bf29e6cbf35b5420090fdfb10bd69c41ecadcb308eb476
  SHA512: bb80b1eedd72233b68a867cd9fce8880f80bb3e21c67197a3486bca9b34627f3c48fb596846e647f876c17fc660ac756735a0e86f5b84f622f95eeea75d4cf3c