Analysis

- max time kernel: 145s
- max time network: 144s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 19/09/2024, 14:36
Static task: static1

Behavioral task: behavioral1
- Sample: eb8a6ef2a4cc1dac96202caf4acdd017_JaffaCakes118.html
- Resource: win7-20240708-en

Behavioral task: behavioral2
- Sample: eb8a6ef2a4cc1dac96202caf4acdd017_JaffaCakes118.html
- Resource: win10v2004-20240802-en
General

- Target: eb8a6ef2a4cc1dac96202caf4acdd017_JaffaCakes118.html
- Size: 35KB
- MD5: eb8a6ef2a4cc1dac96202caf4acdd017
- SHA1: b58d7f39507a8f4e3e8940d26dcbb9b84dd69a70
- SHA256: 280f3b9ffdb773ebfa88f7869b5f6983551ba52d84df9ab98221559df5116e17
- SHA512: 2a8a81e230890b0e80328c8bf6f4822bec67750669ea097ebcafcce7fe07f4e9276cab7e327bf944e567d51cc1a14a82262754cf4b3ce3dcfa7ca468ccf6da0a
- SSDEEP: 768:zwx/MDTHAa88hARCZPXtE1XnXrFLxNLlDNoPqkPTHlnkM3Gr6TIZOf6sggf6lLR7:Q/nbJxNVNu0Sx/P8AK
Malware Config
Signatures

- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe

- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process | rows
  4084 | msedge.exe | 2
  3060 | msedge.exe | 2
  1284 | identity_helper.exe | 2
  4412 | msedge.exe | 4

- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid | Process | rows
  3060 | msedge.exe | 6

- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process | rows
  3060 | msedge.exe | 25

- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process | rows
  3060 | msedge.exe | 24

- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 3060 wrote to memory of 3180 | 3060 | msedge.exe | 82
  PID 3060 wrote to memory of 2312 | 3060 | msedge.exe | 83
  PID 3060 wrote to memory of 4084 | 3060 | msedge.exe | 84
  PID 3060 wrote to memory of 436 | 3060 | msedge.exe | 85
  (The report lists 64 rows, all naming one of these four source/target pairs; the repeats are collapsed here. Every target is a direct child of the writing browser process 3060.)
Processes

- msedge.exe (PID 3060, top level)
  Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\eb8a6ef2a4cc1dac96202caf4acdd017_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  - msedge.exe (PID 3180, child of 3060)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa527746f8,0x7ffa52774708,0x7ffa52774718

  - msedge.exe (PID 2312, child of 3060)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,8323539006918572145,18414626641536819310,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2

  - msedge.exe (PID 4084, child of 3060)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1856,8323539006918572145,18414626641536819310,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses

  - msedge.exe (PID 436, child of 3060)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1856,8323539006918572145,18414626641536819310,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8

  - msedge.exe (PID 1220, child of 3060)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,8323539006918572145,18414626641536819310,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1

  - msedge.exe (PID 1832, child of 3060)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,8323539006918572145,18414626641536819310,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

  - identity_helper.exe (PID 996, child of 3060)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1856,8323539006918572145,18414626641536819310,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8

  - identity_helper.exe (PID 1284, child of 3060)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1856,8323539006918572145,18414626641536819310,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses

  - msedge.exe (PID 5012, child of 3060)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,8323539006918572145,18414626641536819310,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1

  - msedge.exe (PID 4440, child of 3060)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,8323539006918572145,18414626641536819310,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1

  - msedge.exe (PID 1156, child of 3060)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,8323539006918572145,18414626641536819310,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1

  - msedge.exe (PID 4160, child of 3060)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,8323539006918572145,18414626641536819310,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1

  - msedge.exe (PID 4412, child of 3060)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,8323539006918572145,18414626641536819310,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4832 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses

- CompPkgSrv.exe (PID 2160, top level)
  Image: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

- CompPkgSrv.exe (PID 5004, top level)
  Image: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
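Read together, the Signatures and Processes sections above describe nothing but a Chromium-based browser starting up: the browser process (PID 3060) launches crashpad, GPU, network, storage, renderer and identity-helper children under its own install directory, writes into the memory of those same children while it sets them up (which is all the 64 WriteProcessMemory rows record), and reads the BIOS SystemManufacturer/SystemProductName values that Chromium uses for hardware information. The question an analyst wants answered is whether anything in the tree goes beyond that baseline. The Python below, added here as an example and not part of the Triage report or of any Microsoft or Triage code, encodes that baseline as checks: a child of Edge must live under the Edge install directory, a renderer must not spawn anything, a utility service may run with --service-sandbox-type=none only if it is one of the two the report itself shows that way, every WriteProcessMemory target must be a direct child of the writer, and BIOS registry reads count as expected only when the reader is an Edge image. The allow-lists, the process records (PIDs from the report, parent PIDs inferred from the tree's indentation, command lines abridged to the relevant switches) and the registry rows are constructed from this report and are assumptions, not vendor documentation.

```python
"""Baseline a sandbox report's Edge process tree against plain Chromium behaviour
so that post-exploitation activity (a renderer spawning cmd.exe, writes into an
unrelated process) stands out from launch-time noise.  Added example, not code
from the Triage report or from Microsoft; allow-lists are assumptions for Edge 92."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

EDGE_DIR = r"c:\program files (x86)\microsoft\edge\application"   # compared lower-cased
EXPECTED_CHILD_TYPES = {"crashpad-handler", "gpu-process", "utility", "renderer"}
# Utility services this report itself shows launched with --service-sandbox-type=none.
UNSANDBOXED_OK = {"network.mojom.NetworkService", "winrt_app_id.mojom.WinrtAppIdService"}
BIOS_KEY = r"\registry\machine\hardware\description\system\bios"


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: Optional[int]   # None for a top-level process
    image: str
    cmdline: str


def _flag(cmdline: str, name: str) -> Optional[str]:
    """Value of a whitespace-delimited --name=value switch, or None when absent."""
    m = re.search(rf'(?:^|\s)--{re.escape(name)}=([^\s"]+)', cmdline)
    return m.group(1) if m else None


def check_tree(procs):
    """Anomalies among children of Edge; an empty list means plain browser behaviour."""
    by_pid = {p.pid: p for p in procs}
    issues = []
    for p in procs:
        parent = by_pid.get(p.ppid) if p.ppid is not None else None
        if parent is None or not parent.image.lower().startswith(EDGE_DIR):
            continue  # top-level processes and non-Edge parents are out of scope
        if not p.image.lower().startswith(EDGE_DIR):
            issues.append(f"pid {p.pid}: Edge spawned a binary outside its install dir: {p.image}")
            continue
        if _flag(parent.cmdline, "type") == "renderer":
            issues.append(f"pid {p.pid}: spawned by sandboxed renderer pid {parent.pid}")
        ptype = _flag(p.cmdline, "type")
        if ptype not in EXPECTED_CHILD_TYPES:
            issues.append(f"pid {p.pid}: unexpected --type={ptype}")
        sub = _flag(p.cmdline, "utility-sub-type")
        if _flag(p.cmdline, "service-sandbox-type") == "none" and sub not in UNSANDBOXED_OK:
            issues.append(f"pid {p.pid}: service {sub} running unsandboxed")
    return issues


def collapse_writes(events, procs):
    """Collapse repeated '<src> wrote to memory of <dst>' rows into counts and list
    pairs whose target is not a direct child of the writer (Chromium writes into
    children it has just created; a write anywhere else is process injection)."""
    children = {(p.ppid, p.pid) for p in procs}
    counts = Counter(events)
    foreign = sorted(pair for pair in counts if pair not in children)
    return counts, foreign


def classify_registry(rows, procs):
    """BIOS manufacturer/product reads are VM-fingerprinting material unless the
    reader is the browser itself, which reads them for its hardware information."""
    edge_images = {p.image.rsplit("\\", 1)[-1].lower() for p in procs
                   if p.image.lower().startswith(EDGE_DIR)}
    verdicts = {}
    for key, process in rows:
        if key.lower().startswith(BIOS_KEY):
            verdicts[(key, process)] = ("expected browser telemetry"
                                        if process.lower() in edge_images
                                        else "possible VM fingerprinting")
    return verdicts


# Constructed input: PIDs from the report; parent PIDs follow the tree's indentation
# (every child sits under pid 3060); command lines abridged to the relevant switches.
MSEDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
HELPER = r"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"
REPORT_PROCS = [
    Proc(3060, None, MSEDGE, r"--single-argument C:\Users\Admin\AppData\Local\Temp\eb8a6ef2a4cc1dac96202caf4acdd017_JaffaCakes118.html"),
    Proc(3180, 3060, MSEDGE, "--type=crashpad-handler"),
    Proc(2312, 3060, MSEDGE, "--type=gpu-process"),
    Proc(4084, 3060, MSEDGE, "--type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none"),
    Proc(436, 3060, MSEDGE, "--type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility"),
    Proc(1220, 3060, MSEDGE, "--type=renderer --renderer-client-id=6"),
    Proc(1284, 3060, HELPER, "--type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none"),
    Proc(4412, 3060, MSEDGE, "--type=gpu-process --disable-gpu-sandbox --use-gl=disabled"),
    Proc(2160, None, r"C:\Windows\System32\CompPkgSrv.exe", "-Embedding"),
]
# A sample of the report's 64 WriteProcessMemory rows; all of them name one of these four pairs.
REPORT_WRITES = [(3060, 3180), (3060, 3180), (3060, 2312), (3060, 2312), (3060, 4084), (3060, 436)]
REPORT_REGISTRY = [
    (r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer", "msedge.exe"),
    (r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName", "msedge.exe"),
    (r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS", "msedge.exe"),
]

if __name__ == "__main__":
    print("tree anomalies:", check_tree(REPORT_PROCS))                 # [] for this report
    counts, foreign = collapse_writes(REPORT_WRITES, REPORT_PROCS)
    print("write pairs:", dict(counts), "foreign targets:", foreign)   # foreign == []
    for (key, proc), verdict in classify_registry(REPORT_REGISTRY, REPORT_PROCS).items():
        print(proc, key, "->", verdict)
```

On this report every check comes back clean: no child outside the Edge directory, no renderer-spawned process, only the network and WinRT app-id services unsandboxed, all memory writes into 3060's own children, and the BIOS reads attributed to msedge.exe. The same functions flag a constructed cmd.exe under a renderer, a storage service launched with sandbox type none, or a write from a renderer into CompPkgSrv.exe, which is the kind of row that would turn this from browser noise into an exploitation lead.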
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 152B
  MD5: 96142ba45f7203a8c4d877b2d70588b6
  SHA1: e1d1ac761b3c41ba0a3409d7bec68ca22ae1fac7
  SHA256: dac3fb834fb077720a5a79f49add75e37c15bd07ac063b5516061ffc611c334b
  SHA512: fe09d408370c5ddfa3264f870118fd2edb2e4184871a8029bb62a438be6da78a8e1f72d176149ce6a4963e9981136dc878aedb1e0c660833482a9850680a4beb

- Filesize: 152B
  MD5: b367ffa3cd6896506992c5bb8b91addf
  SHA1: 93c9bded12fd3a814e4a87d1ab6b102818a9996e
  SHA256: a2e0b202caf41d3a5fbde3824043e423cc9ce0ec9653a9d1a2d23b04c1467b96
  SHA512: 44e2745fad967ce9b7a2be00b75d6617d441ebe2763d81a8c038d57906b1c94d6d57c930141331c39e032a284b59014646dd9054be213fd973e75a2269466a8a

- Filesize: 614B
  MD5: 0adef8c16b481c91414fbaa55bcfe8df
  SHA1: f0fe81301adfe1134ab7528e58b9acf85e921103
  SHA256: ceaeaaac271ac98f159ae8aadebe92f7c6a9beba58da0d5efc918b75bce92e6b
  SHA512: c60f44f1b92f779753d5c38df9fa13cfcd77468d1025b5679c883d9a6c212ef0d96d7155df2891c57d6ad3a0c7c703cf4cd8522941c07293cbcf765908b93b28

- Filesize: 5KB
  MD5: f4d9722cd202bbab3321524a60a736cd
  SHA1: 1b4df9c503d29c321b4d2d8f4f366b0583ba0152
  SHA256: 3893bfb66c08de94707ab9f2b5ff2f6a901bcf09544b79f8542bf42addb86ad2
  SHA512: f849c59752ec8dcef568a4911a4952a8f4a166ef91ab8e136a6262d593c1b7fd1cb3fd3c3e93f080b25bb168bc0d2f1a59c21ae8d8d01a82573b76f8fe107113

- Filesize: 5KB
  MD5: 74e7979536fb00672a1c44521f002f37
  SHA1: 0f6aa862f828d5da9ec354fe38e381472f727c93
  SHA256: f6c828e1c4904a9c66095e83030f5a97577925fe84330ef0e9de7caf397fec7f
  SHA512: 9834d8659b50d1c471d75b9035fe7e55c61414ad712453f1ea4a40d1562e2ec0eae97ab4d47ffa7ed4df83eae7045814c3f89a5bad39299f21b3dbaabbf20c03

- Filesize: 24KB
  MD5: 852d886f30a60b001ee9e16d15da655c
  SHA1: 713ae02473e2af931fb4455db3be07a00c734e97
  SHA256: 0c05a4e24bafde15c1c9cfa778ac25eb5552c22b1a589b7b473eebc752a6ca68
  SHA512: 09625a70076a264b7138dc14f2fe81b0e8ad6cc0ecb3cc4f5d5bd73eb58fab1e2528c5e3a3a40837740895a5a694b94b2fa174a8595960ef122823a4132d4f73

- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

- Filesize: 10KB
  MD5: bcd58bf046dd616b511547bd42044139
  SHA1: 221224eef6733fb834f159c9ca3f9d470ca1dea1
  SHA256: c4ab386035af82c636b54d7bfcc0756bc249dd884aee3271a1e10f0bfa5b0041
  SHA512: 7bc93d2c4fcbfd3bce28070a5b83d1649734a945f671c488ca60ca58b5550c3d68fe344a87dd67812b47c2e63f3b63c779c94c958eadc4aa7d95b002e81e4a9a