Analysis
  max time kernel: 145s
  max time network: 138s
  platform: windows10-2004_x64
  resource: win10v2004-20240802-en
  resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  submitted: 25/09/2024, 16:57
Static task: static1
Behavioral task: behavioral1
  Sample: f674573272e50f161fefc6d16e6ea030_JaffaCakes118.html
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: f674573272e50f161fefc6d16e6ea030_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General
  Target: f674573272e50f161fefc6d16e6ea030_JaffaCakes118.html
  Size: 35KB
  MD5: f674573272e50f161fefc6d16e6ea030
  SHA1: a3444b925384c23b583c830a370bab8370ea6768
  SHA256: 16000520e36ac5e074b4c58d976c4fe40beec958e7f130fbcdd628aca05b19d4
  SHA512: 50210a92b68e1979a4a53d07e86e5bc7e2528f99ad892525790a2841f2e857a7a09c1b657cd9a6961756726cbc0c3e13aa09374138592623938573d2057a97ae
  SSDEEP: 768:WKZ+Tty+G6Xp6ietSvJHqvDVp4GZlLY2vOok+6tgndo9cZmYw2I8YAHx0V:WXIietSv1UP4G3Yck+6tgndo9cZmYw2s
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                   Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs; identical rows collapsed, count in last column)
  pid   Process              count
  2712  msedge.exe           2
  2040  msedge.exe           2
  8     identity_helper.exe  2
  2400  msedge.exe           4
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs; identical rows collapsed, count in last column)
  pid   Process     count
  2040  msedge.exe  6
Suspicious use of FindShellTrayWindow (25 IoCs; identical rows collapsed, count in last column)
  pid   Process     count
  2040  msedge.exe  25
Suspicious use of SendNotifyMessage (24 IoCs; identical rows collapsed, count in last column)
  pid   Process     count
  2040  msedge.exe  24
Suspicious use of WriteProcessMemory (64 IoCs; identical rows collapsed, count in last column)
  description                       pid   Process     procid_target  count
  PID 2040 wrote to memory of 4112  2040  msedge.exe  82             2
  PID 2040 wrote to memory of 3512  2040  msedge.exe  83             40
  PID 2040 wrote to memory of 2712  2040  msedge.exe  84             2
  PID 2040 wrote to memory of 812   2040  msedge.exe  85             20
Processes (child processes are indented under their parent)

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2040)
  command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f674573272e50f161fefc6d16e6ea030_JaffaCakes118.html
  signatures:
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4112)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff220d46f8,0x7fff220d4708,0x7fff220d4718

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3512)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,4112585794374876146,11576188534942036241,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2712)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2224,4112585794374876146,11576188534942036241,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
    signatures:
      - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 812)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2224,4112585794374876146,11576188534942036241,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3032)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,4112585794374876146,11576188534942036241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2020)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,4112585794374876146,11576188534942036241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3680)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,4112585794374876146,11576188534942036241,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6044 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 8)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,4112585794374876146,11576188534942036241,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6044 /prefetch:8
    signatures:
      - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4816)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,4112585794374876146,11576188534942036241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1532)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,4112585794374876146,11576188534942036241,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4644)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,4112585794374876146,11576188534942036241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4344)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,4112585794374876146,11576188534942036241,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2400)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,4112585794374876146,11576188534942036241,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4996 /prefetch:2
    signatures:
      - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe (PID 2728)
  command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 3692)
  command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads