Analysis
- max time kernel: 148s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 19/09/2024, 07:00
Static task: static1

Behavioral task: behavioral1
- Sample: eaceed9aced50c9314d7e82df735bd52_JaffaCakes118.html
- Resource: win7-20240708-en

Behavioral task: behavioral2
- Sample: eaceed9aced50c9314d7e82df735bd52_JaffaCakes118.html
- Resource: win10v2004-20240802-en
General
- Target: eaceed9aced50c9314d7e82df735bd52_JaffaCakes118.html
- Size: 68KB
- MD5: eaceed9aced50c9314d7e82df735bd52
- SHA1: cd171c81dfaa726c826d9355138f9b2616106756
- SHA256: e0cca2a0c79e31e6ae9660c730bc563cdc85b492a453948f6cab0496f97928a0
- SHA512: e68f1350df33cf98ef8980fb0de0ca75597351968b3cb6d632bebd8382834bda378d01729324491b756f138d9f82530c1328ab84eccea816d0cbe863b643891b
- SSDEEP: 768:JiCgcMiR3sI2PDDnX0g6SxY0LboTyv1wCZkoTyMdtbBnfBgN8/lboi2hcpQFVG8X:J48oUTcNen0tbrga94hcuNnQC
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                        Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                         msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer      msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName       msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid    Process
  4776   msedge.exe           (2 entries)
  3136   msedge.exe           (2 entries)
  1732   identity_helper.exe  (2 entries)
  436    msedge.exe           (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid    Process
  3136   msedge.exe           (all 6 entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid    Process
  3136   msedge.exe           (all 25 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid    Process
  3136   msedge.exe           (all 24 entries)

Suspicious use of WriteProcessMemory (64 IoCs; identical rows collapsed, the remaining 60 entries target PIDs 3492 and 1012)
  description                        pid    Process     procid_target
  PID 3136 wrote to memory of 3408   3136   msedge.exe  82   (2 entries)
  PID 3136 wrote to memory of 3492   3136   msedge.exe  83
  PID 3136 wrote to memory of 4776   3136   msedge.exe  84   (2 entries)
  PID 3136 wrote to memory of 1012   3136   msedge.exe  85
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3136)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\eaceed9aced50c9314d7e82df735bd52_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3408)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd3eb46f8,0x7ffcd3eb4708,0x7ffcd3eb4718

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3492)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,383217325180743894,3254956126661032024,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4776)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,383217325180743894,3254956126661032024,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1012)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,383217325180743894,3254956126661032024,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3704)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,383217325180743894,3254956126661032024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2724)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,383217325180743894,3254956126661032024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2040)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,383217325180743894,3254956126661032024,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1732)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,383217325180743894,3254956126661032024,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4048)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,383217325180743894,3254956126661032024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 868)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,383217325180743894,3254956126661032024,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2332 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4872)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,383217325180743894,3254956126661032024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4348)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,383217325180743894,3254956126661032024,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 436)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,383217325180743894,3254956126661032024,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2836 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe (PID 2576)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 2240)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads