Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 149s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 28/09/2024, 09:04

Static task: static1
Behavioral task: behavioral1
  Sample: fbf4b66852b319bde3e72edf97d2fffd_JaffaCakes118.html
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: fbf4b66852b319bde3e72edf97d2fffd_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General
Target: fbf4b66852b319bde3e72edf97d2fffd_JaffaCakes118.html
Size: 240B
MD5: fbf4b66852b319bde3e72edf97d2fffd
SHA1: b50f752c7863c358a29c1c86d1211a95e1b6d2e9
SHA256: 45d61e05a0731c011de2906e320dcf77f3ab89ff3f40eda7f990a0e259c1b5f9
SHA512: b8d5b9521f6a9f2518de00ce9ae3fa45c224206abfcd809cb018d2f68e56200a16d04fbffe29409a2719308c82e2ae90bc0930c0bea7163bea05e47a85c2a026
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  4876 | msedge.exe (2 entries)
  3108 | msedge.exe (2 entries)
  1576 | identity_helper.exe (2 entries)
  4888 | msedge.exe (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid | Process
  3108 | msedge.exe (6 entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  3108 | msedge.exe (25 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  3108 | msedge.exe (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 3108 wrote to memory of 316 | 3108 | msedge.exe | 82
  PID 3108 wrote to memory of 3388 | 3108 | msedge.exe | 83
  PID 3108 wrote to memory of 4876 | 3108 | msedge.exe | 84
  PID 3108 wrote to memory of 2008 | 3108 | msedge.exe | 85
  (64 entries in total; identical repeated rows collapsed)
Processes

msedge.exe (PID 3108)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fbf4b66852b319bde3e72edf97d2fffd_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  msedge.exe (PID 316)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffabc4646f8,0x7ffabc464708,0x7ffabc464718

  msedge.exe (PID 3388)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,11635465747473919465,9262585054269061356,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2

  msedge.exe (PID 4876)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,11635465747473919465,9262585054269061356,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 2008)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,11635465747473919465,9262585054269061356,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8

  msedge.exe (PID 3228)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,11635465747473919465,9262585054269061356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

  msedge.exe (PID 4852)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,11635465747473919465,9262585054269061356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

  identity_helper.exe (PID 1768)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,11635465747473919465,9262585054269061356,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 /prefetch:8

  identity_helper.exe (PID 1576)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,11635465747473919465,9262585054269061356,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 2628)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,11635465747473919465,9262585054269061356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1

  msedge.exe (PID 4896)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,11635465747473919465,9262585054269061356,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1

  msedge.exe (PID 2836)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,11635465747473919465,9262585054269061356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1

  msedge.exe (PID 1164)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,11635465747473919465,9262585054269061356,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1

  msedge.exe (PID 4888)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,11635465747473919465,9262585054269061356,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4972 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

CompPkgSrv.exe (PID 2632)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

CompPkgSrv.exe (PID 2068)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads