Analysis
max time kernel: 145s
max time network: 143s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 21/09/2024, 22:01

Static task: static1
Behavioral task: behavioral1
  Sample: f0b26183f6bc08d20c3f5e4cfcfbd393_JaffaCakes118.html
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: f0b26183f6bc08d20c3f5e4cfcfbd393_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General
Target: f0b26183f6bc08d20c3f5e4cfcfbd393_JaffaCakes118.html
Size: 18KB
MD5: f0b26183f6bc08d20c3f5e4cfcfbd393
SHA1: 394da6b6b0a7f657b94057d7ab0a25ead9768023
SHA256: 4a5017920e24d11def220b5faaab12d5a74c4685699b24b23705aad233990820
SHA512: 5c34ffc035d991373762536abb00469bcb769748d8822f5319d59f897f5b3678286c9427ce76933037941336fcd98d7ce5626bcd26776897309a4db299c0d449
SSDEEP: 384:NdiRU0bUEA8iGTT7cXWFV+Na80vCnWocdQZQ8j2dXG:H0btiGTT7cXWf+Na8vm8j2dW
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid | Process
4840 | msedge.exe
4840 | msedge.exe
4304 | msedge.exe
4304 | msedge.exe
2804 | identity_helper.exe
2804 | identity_helper.exe
4632 | msedge.exe
4632 | msedge.exe
4632 | msedge.exe
4632 | msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid | Process
4304 | msedge.exe
4304 | msedge.exe
4304 | msedge.exe
4304 | msedge.exe
4304 | msedge.exe
4304 | msedge.exe
Suspicious use of FindShellTrayWindow (25 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes
Level 1: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f0b26183f6bc08d20c3f5e4cfcfbd393_JaffaCakes118.html
  PID: 4304
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  Level 2: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff0dc446f8,0x7fff0dc44708,0x7fff0dc44718
    PID: 4996

  Level 2: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4729893729437688943,4710415850499845338,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
    PID: 4380

  Level 2: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,4729893729437688943,4710415850499845338,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
    PID: 4840
    - Suspicious behavior: EnumeratesProcesses

  Level 2: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,4729893729437688943,4710415850499845338,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2576 /prefetch:8
    PID: 4760

  Level 2: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4729893729437688943,4710415850499845338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
    PID: 1084

  Level 2: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4729893729437688943,4710415850499845338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
    PID: 1624

  Level 2: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,4729893729437688943,4710415850499845338,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
    PID: 3460

  Level 2: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,4729893729437688943,4710415850499845338,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
    PID: 2804
    - Suspicious behavior: EnumeratesProcesses

  Level 2: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4729893729437688943,4710415850499845338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
    PID: 3156

  Level 2: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4729893729437688943,4710415850499845338,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
    PID: 2188

  Level 2: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4729893729437688943,4710415850499845338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
    PID: 1924

  Level 2: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4729893729437688943,4710415850499845338,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
    PID: 2924

  Level 2: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4729893729437688943,4710415850499845338,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1936 /prefetch:2
    PID: 4632
    - Suspicious behavior: EnumeratesProcesses

Level 1: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4040

Level 1: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4116
Network
MITRE ATT&CK Enterprise v15
Downloads