Analysis
- max time kernel: 145s
- max time network: 134s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 19/09/2024, 09:31
Tasks
- static1 (static task)
- behavioral1 (behavioral task)
  Sample: eb0bd1277416bbd758e2ebc836d1647b_JaffaCakes118.html
  Resource: win7-20240903-en
- behavioral2 (behavioral task)
  Sample: eb0bd1277416bbd758e2ebc836d1647b_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General
- Target: eb0bd1277416bbd758e2ebc836d1647b_JaffaCakes118.html
- Size: 1KB
- MD5: eb0bd1277416bbd758e2ebc836d1647b
- SHA1: d3c6651c3b3ec7b19583a8f839b966571e367f69
- SHA256: 765d0a25363cfe02c84935ae75eed0303233e43c18de70735f713439ec4f5b9c
- SHA512: 1dc02feb822bfd799f2a67dc33a9881bdb3082c3aa07a0443b99863de77580956170e126d3b3ad7ef5349ce92e399c340e0cee1be027b1c2807e653f29cb2e6d
Malware Config
Signatures

- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe

- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  1936 | msedge.exe (2 rows)
  3272 | msedge.exe (2 rows)
  864 | identity_helper.exe (2 rows)
  1088 | msedge.exe (4 rows)

- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid | Process
  3272 | msedge.exe (all 7 rows)

- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  3272 | msedge.exe (all 25 rows)

- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  3272 | msedge.exe (all 24 rows)

- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 3272 wrote to memory of 4152 | 3272 | msedge.exe | 82
  PID 3272 wrote to memory of 2124 | 3272 | msedge.exe | 83
  PID 3272 wrote to memory of 1936 | 3272 | msedge.exe | 84
  PID 3272 wrote to memory of 2072 | 3272 | msedge.exe | 85
  (The report lists one row per write; the four distinct rows above are repeated for a total of 64 rows, with 2124 and 2072 accounting for the large majority.)
Processes

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3272)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\eb0bd1277416bbd758e2ebc836d1647b_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4152)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff526546f8,0x7fff52654708,0x7fff52654718

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2124)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,2480982966438873647,15776359062947278286,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1936)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,2480982966438873647,15776359062947278286,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2072)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,2480982966438873647,15776359062947278286,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2528)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2480982966438873647,15776359062947278286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4860)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2480982966438873647,15776359062947278286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3312)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2480982966438873647,15776359062947278286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1008)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,2480982966438873647,15776359062947278286,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8

  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 864)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,2480982966438873647,15776359062947278286,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3388)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2480982966438873647,15776359062947278286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 764)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2480982966438873647,15776359062947278286,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4044)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2480982966438873647,15776359062947278286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4508)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2480982966438873647,15776359062947278286,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1088)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,2480982966438873647,15776359062947278286,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2292 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

- C:\Windows\System32\CompPkgSrv.exe (PID 3940)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

- C:\Windows\System32\CompPkgSrv.exe (PID 3424)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: d7114a6cd851f9bf56cf771c37d664a2
  SHA1: 769c5d04fd83e583f15ab1ef659de8f883ecab8a
  SHA256: d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e
  SHA512: 33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

- Filesize: 152B
  MD5: 719923124ee00fb57378e0ebcbe894f7
  SHA1: cc356a7d27b8b27dc33f21bd4990f286ee13a9f9
  SHA256: aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808
  SHA512: a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

- Filesize: 5KB
  MD5: 38e2d11fdd38662c56e8721611fea4f7
  SHA1: 3a9d30b23020e8cc7732b25bcba36e9767db1151
  SHA256: e4b56a6eeea3d2922f9b1892bd1a504848dcf9e584cf0e06f48eaa1fc71360b7
  SHA512: 1e5f1b3f57947314770d32df553d64f2a83e2ad700fab61356f25c56c6b89fbe606c4c83aa69c48b9125ce53537362a139b63908734315fb9cd1d1615435eb5b

- Filesize: 6KB
  MD5: 31c7c50c2780c3b7000c34dc493b0456
  SHA1: fe4b1da87fd01e8f791d977a487d7a4dfb363217
  SHA256: fb5e25f81c48ae08b6a6bf2f0e0cc3de34d3c1fa5f313c280fc1830e85aedc81
  SHA512: a22d6ed7915e92d765da2e2ec1efb8f0f2e3604ccde3dff47b916b1e1337be0fa2c85e49edf676d93d91df668fa24932fac799559dbcd8624acf5eef13cc8199

- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

- Filesize: 10KB
  MD5: c0e53c690bb81eee33a8bf3ab0f2167d
  SHA1: 6948d50b885efedffe36e900f750f6cff49cb7d5
  SHA256: 782af61aff378c241390140d2f83180fdce2f36574945c9c5923d04ada596cef
  SHA512: 490e271aa815d3161a4bb125ff4a126441237b542e36a0937ee7242bfab0c6bd38afbb52a12d8809bb5b2f90ab9535b13d61d2e4ec8ffd01f064b0bdb7748b3d