Analysis
- max time kernel: 148s
- max time network: 155s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 21/09/2024, 20:24
Static task: static1
Behavioral task: behavioral1
  Sample: f08b792876f52da0aaf1fe11ad5c0c69_JaffaCakes118.html
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: f08b792876f52da0aaf1fe11ad5c0c69_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General
- Target: f08b792876f52da0aaf1fe11ad5c0c69_JaffaCakes118.html
- Size: 16KB
- MD5: f08b792876f52da0aaf1fe11ad5c0c69
- SHA1: e2b94ed2ae5b8a0c49454f7709326a89eb4de51a
- SHA256: 4b18471304dd5bb48f94abc85907af34c4ad07fdb3437414af03e612a27727bb
- SHA512: b71c573edfc407fda74400d8ab7773f2e9146ce230b1927a9cc66546753e7667f274304fb5621c2f14ed78d1c948cc131c835a35dc1c2c133a6be004d5174dfe
- SSDEEP: 384:NcAcM5XjPvfw1D3fNDmzOXpe2I+XZA0DnE5Iqcyys7:ehMBPv+JPfEncyys7
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid / Process: 688 msedge.exe, 688 msedge.exe, 1224 msedge.exe, 1224 msedge.exe, 2072 identity_helper.exe, 2072 identity_helper.exe, 2908 msedge.exe, 2908 msedge.exe, 2908 msedge.exe, 2908 msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid / Process: 1224 msedge.exe, 1224 msedge.exe, 1224 msedge.exe, 1224 msedge.exe, 1224 msedge.exe, 1224 msedge.exe
- Suspicious use of FindShellTrayWindow (25 IoCs)
- Suspicious use of SendNotifyMessage (24 IoCs)
- Suspicious use of WriteProcessMemory (64 IoCs)
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f08b792876f52da0aaf1fe11ad5c0c69_JaffaCakes118.html (PID 1224)
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff636c46f8,0x7fff636c4708,0x7fff636c4718 (PID 2748)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,8288941582636138740,1458553855532672089,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2272 /prefetch:2 (PID 3176)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,8288941582636138740,1458553855532672089,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3 (PID 688)
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,8288941582636138740,1458553855532672089,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8 (PID 2896)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8288941582636138740,1458553855532672089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1 (PID 2892)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8288941582636138740,1458553855532672089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1 (PID 4868)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,8288941582636138740,1458553855532672089,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8 (PID 3284)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,8288941582636138740,1458553855532672089,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8 (PID 2072)
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8288941582636138740,1458553855532672089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1 (PID 4800)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8288941582636138740,1458553855532672089,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1 (PID 2404)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8288941582636138740,1458553855532672089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1 (PID 4320)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8288941582636138740,1458553855532672089,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1 (PID 4600)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,8288941582636138740,1458553855532672089,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2 (PID 2908)
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding (PID 1816)
- C:\Windows\System32\CompPkgSrv.exe -Embedding (PID 4596)
Downloads