Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
145s -
max time network
137s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
19/09/2024, 05:47
Static task
static1
Behavioral task
behavioral1
Sample
eab2cd14b63151d8d9b00bc1a9aec776_JaffaCakes118.html
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
eab2cd14b63151d8d9b00bc1a9aec776_JaffaCakes118.html
Resource
win10v2004-20240802-en
General
-
Target
eab2cd14b63151d8d9b00bc1a9aec776_JaffaCakes118.html
-
Size
221KB
-
MD5
eab2cd14b63151d8d9b00bc1a9aec776
-
SHA1
d27e8f17557b8d5d3153e0a267b01784458bd18d
-
SHA256
2801a67500a3a502030c1d84e057e83668f78bcf1e6b988bb34baff549048c49
-
SHA512
0c8d59f9bf347b31e0f31c58baf87a3486576fc6d36a82b633ad6a51e0e7c904ae011e214e5869cc89bfd5a76e21226b14524fdcc643e5c55488adf7d101d05e
-
SSDEEP
3072:zyhHo9nTRjIyUY0esnxepiwQvZ3CxWQE0As0e7wj8hrkSs5:XFTRjIyB0e+hvs0e7woO
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 1144 msedge.exe 1144 msedge.exe 4764 msedge.exe 4764 msedge.exe 3992 identity_helper.exe 3992 identity_helper.exe 4552 msedge.exe 4552 msedge.exe 4552 msedge.exe 4552 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
pid Process 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4764 wrote to memory of 3036 4764 msedge.exe 83 PID 4764 wrote to memory of 3036 4764 msedge.exe 83 PID 4764 wrote to memory of 4932 4764 msedge.exe 84 PID 4764 wrote to memory of 4932 4764 msedge.exe 84 PID 4764 wrote to memory of 4932 4764 msedge.exe 84 PID 4764 wrote to memory of 4932 4764 msedge.exe 84 PID 4764 wrote to memory of 4932 4764 msedge.exe 84 PID 4764 wrote to memory of 4932 4764 msedge.exe 84 PID 4764 wrote to memory of 4932 4764 msedge.exe 84 PID 4764 wrote to memory of 4932 4764 msedge.exe 84 PID 4764 wrote to memory of 4932 4764 msedge.exe 84 PID 4764 wrote to memory of 4932 4764 msedge.exe 84 PID 4764 wrote to memory of 4932 4764 msedge.exe 84 PID 4764 wrote to memory of 4932 4764 msedge.exe 84 PID 4764 wrote to memory of 4932 4764 msedge.exe 84 PID 4764 wrote to memory of 4932 4764 msedge.exe 84 PID 4764 wrote to memory of 4932 4764 msedge.exe 84 PID 4764 wrote to memory of 4932 4764 msedge.exe 84 PID 4764 wrote to memory of 4932 4764 msedge.exe 84 PID 4764 wrote to memory of 4932 4764 msedge.exe 84 PID 4764 wrote to memory of 4932 4764 msedge.exe 84 PID 4764 wrote to memory of 4932 4764 msedge.exe 84 PID 4764 wrote to memory of 4932 4764 msedge.exe 84 PID 4764 wrote to memory of 4932 4764 msedge.exe 84 PID 4764 wrote to memory of 4932 4764 msedge.exe 84 PID 4764 wrote to memory of 4932 4764 msedge.exe 84 PID 4764 wrote to memory of 4932 4764 msedge.exe 84 PID 4764 wrote to memory of 4932 4764 msedge.exe 84 PID 4764 wrote to memory of 4932 4764 msedge.exe 84 PID 4764 wrote to memory of 4932 4764 msedge.exe 84 PID 4764 wrote to memory of 4932 4764 msedge.exe 84 PID 4764 wrote to memory of 4932 4764 msedge.exe 84 PID 4764 wrote to memory of 4932 4764 msedge.exe 84 PID 4764 wrote to memory of 4932 4764 msedge.exe 84 PID 4764 wrote to memory of 4932 4764 msedge.exe 84 PID 4764 wrote to memory of 4932 4764 msedge.exe 84 PID 4764 wrote to memory of 4932 4764 msedge.exe 84 PID 4764 wrote to memory of 4932 4764 msedge.exe 84 PID 4764 wrote to memory of 4932 4764 msedge.exe 84 PID 4764 wrote to memory of 4932 4764 msedge.exe 84 PID 4764 wrote to memory of 4932 4764 msedge.exe 84 PID 4764 wrote to memory of 4932 4764 msedge.exe 84 PID 4764 wrote to memory of 1144 4764 msedge.exe 85 PID 4764 wrote to memory of 1144 4764 msedge.exe 85 PID 4764 wrote to memory of 4448 4764 msedge.exe 86 PID 4764 wrote to memory of 4448 4764 msedge.exe 86 PID 4764 wrote to memory of 4448 4764 msedge.exe 86 PID 4764 wrote to memory of 4448 4764 msedge.exe 86 PID 4764 wrote to memory of 4448 4764 msedge.exe 86 PID 4764 wrote to memory of 4448 4764 msedge.exe 86 PID 4764 wrote to memory of 4448 4764 msedge.exe 86 PID 4764 wrote to memory of 4448 4764 msedge.exe 86 PID 4764 wrote to memory of 4448 4764 msedge.exe 86 PID 4764 wrote to memory of 4448 4764 msedge.exe 86 PID 4764 wrote to memory of 4448 4764 msedge.exe 86 PID 4764 wrote to memory of 4448 4764 msedge.exe 86 PID 4764 wrote to memory of 4448 4764 msedge.exe 86 PID 4764 wrote to memory of 4448 4764 msedge.exe 86 PID 4764 wrote to memory of 4448 4764 msedge.exe 86 PID 4764 wrote to memory of 4448 4764 msedge.exe 86 PID 4764 wrote to memory of 4448 4764 msedge.exe 86 PID 4764 wrote to memory of 4448 4764 msedge.exe 86 PID 4764 wrote to memory of 4448 4764 msedge.exe 86 PID 4764 wrote to memory of 4448 4764 msedge.exe 86
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\eab2cd14b63151d8d9b00bc1a9aec776_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4764 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff83fde46f8,0x7ff83fde4708,0x7ff83fde47182⤵PID:3036
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,16764795467637214573,5623715153278291246,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:22⤵PID:4932
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,16764795467637214573,5623715153278291246,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:1144
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,16764795467637214573,5623715153278291246,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:82⤵PID:4448
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16764795467637214573,5623715153278291246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:12⤵PID:3336
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16764795467637214573,5623715153278291246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:12⤵PID:1660
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16764795467637214573,5623715153278291246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1764 /prefetch:12⤵PID:1468
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16764795467637214573,5623715153278291246,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:12⤵PID:1748
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,16764795467637214573,5623715153278291246,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 /prefetch:82⤵PID:1072
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,16764795467637214573,5623715153278291246,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3992
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16764795467637214573,5623715153278291246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:12⤵PID:3140
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16764795467637214573,5623715153278291246,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:12⤵PID:4828
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,16764795467637214573,5623715153278291246,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4836 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:4552
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2032
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4340
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5f9664c896e19205022c094d725f820b6
SHA1f8f1baf648df755ba64b412d512446baf88c0184
SHA2567121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e
SHA5123fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae
-
Filesize
152B
MD5847d47008dbea51cb1732d54861ba9c9
SHA1f2099242027dccb88d6f05760b57f7c89d926c0d
SHA25610292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1
SHA512bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f
-
Filesize
383B
MD5ab295c41694ecff07b2398a852c7fb9d
SHA1bb244dbd2333e7c7dc75888563886631f5d94e43
SHA25612eca0cc4f9741a3d952d5e05e510da001b9b71b6cf57e854b2ea80232daef2b
SHA512b13d79ef540c2743f74d3445afd47c69d9325cdfc871e6c299877a7600f67c609631b91556d71c6faa126a6357eff1ca4846a818d6dbddf15ce32100ec7f1297
-
Filesize
5KB
MD53cf8b90b99cbfed650c11cd0883cf548
SHA170abba97bc44160453d1b208a9dc14a5bf642abc
SHA256e0718fa0c1edffcb917db89ce330019263742a16fef1ecdaf471a4f53fb6090e
SHA512d51ce00312a36482cdf10f8a553d96abb79339f8d57631c896e7b2b8fce9264ef0347fcab6370c5c78958ae1c171ca97715a79fba87a903784cd80dd714cf7bf
-
Filesize
6KB
MD5952649dec8f49e6bbe9115cd68d223b9
SHA12e1f81b7395e74e521bbae357b1c3ad1aace49ed
SHA2561da9a3c8ac4950cde31aade2bfd0494e63d566c43a247d0d9bea563a93c450da
SHA5125103509adcb49499e3634717dac0d76f53b4a6c831ce2902412b2fdcdfcc34727c7445a417f469a777a6e09f7927911e330d5b60f91174303186ab48d3ba5a69
-
Filesize
6KB
MD599ebf58620e6e71f802bf64eea83c195
SHA13684c3573cbf2c88d86b165e2d6f5dd1ae0554b0
SHA2565843e8be2c86e3d355f31096a4a49f72ce10ce866384e025afd69869ce0b64d1
SHA5128eed154ac081adc4d626199c4171a1bd7d8eafc537fc8896c46771565c571e87ea78328a3e3498775781590e164c29a2db056f266af472c15dac38d2a5f9584b
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD5c71de773edaeaffd5c5146573263d894
SHA1b7089090e52ff136f466a405583f31f241972413
SHA256e03916fa0d072871d71758de5de33b8b4d327034c8eefb263d7ef86e1478ddd8
SHA512b55b45fbe4bfb67ecb4467e72b51caab2dd45aab061a0f3617da4724d1b2271ea90d5f66a88f3afb363b07b6972c3335442426febc571c22c85aae191f85786e