Analysis
- max time kernel: 149s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 28/09/2024, 11:14
Static task: static1
Behavioral task: behavioral1
- Sample: fc2eed9baaa246ab7d8be1cbc1968b57_JaffaCakes118.html
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: fc2eed9baaa246ab7d8be1cbc1968b57_JaffaCakes118.html
- Resource: win10v2004-20240802-en
General
- Target: fc2eed9baaa246ab7d8be1cbc1968b57_JaffaCakes118.html
- Size: 59KB
- MD5: fc2eed9baaa246ab7d8be1cbc1968b57
- SHA1: a270e955019db00da507dc932471bc758b0229b2
- SHA256: 91b1a218d429be7140ae4e63ed6e10233929df25882650dc33e31bcdc226b269
- SHA512: 3f3ea833dec1d772e0456d9412d2a41d96e89cfbbd0f966f3fa79d8319f6c83c1a1c29bdd18aa84fee3c272afc1828efa319d2298e257b65214f0968c4796dde
- SSDEEP: 384:OwG7vAZ1Cym9KnjE5vq1egaf0gkHc/qGTQty0uh/mg3hSdKnJeg5BTrssEAT1nQn:OECy9fGnhgD4y4fQ
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs; distinct pid/Process pairs, repeated entries collapsed)
  812 msedge.exe
  2304 msedge.exe
  3140 identity_helper.exe
  4996 msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs, all pid 2304 msedge.exe)
- Suspicious use of FindShellTrayWindow (25 IoCs, all pid 2304 msedge.exe)
- Suspicious use of SendNotifyMessage (24 IoCs, all pid 2304 msedge.exe)
- Suspicious use of WriteProcessMemory (64 IoCs; distinct entries, repeated entries collapsed)
  description | pid | Process | procid_target
  PID 2304 wrote to memory of 1632 | 2304 | msedge.exe | 82
  PID 2304 wrote to memory of 2104 | 2304 | msedge.exe | 83
  PID 2304 wrote to memory of 812 | 2304 | msedge.exe | 84
  PID 2304 wrote to memory of 8 | 2304 | msedge.exe | 85
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fc2eed9baaa246ab7d8be1cbc1968b57_JaffaCakes118.html
  PID: 2304
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffca8c646f8,0x7ffca8c64708,0x7ffca8c64718
    PID: 1632
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1836,3909860053524397314,5863594473121822897,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
    PID: 2104
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1836,3909860053524397314,5863594473121822897,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
    PID: 812
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1836,3909860053524397314,5863594473121822897,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2464 /prefetch:8
    PID: 8
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,3909860053524397314,5863594473121822897,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
    PID: 4488
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,3909860053524397314,5863594473121822897,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
    PID: 1568
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,3909860053524397314,5863594473121822897,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
    PID: 1836
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1836,3909860053524397314,5863594473121822897,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 /prefetch:8
    PID: 5016
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1836,3909860053524397314,5863594473121822897,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 /prefetch:8
    PID: 3140
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,3909860053524397314,5863594473121822897,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
    PID: 1028
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,3909860053524397314,5863594473121822897,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
    PID: 1948
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,3909860053524397314,5863594473121822897,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
    PID: 2416
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,3909860053524397314,5863594473121822897,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
    PID: 952
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1836,3909860053524397314,5863594473121822897,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1884 /prefetch:2
    PID: 4996
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4996
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1292
Network
MITRE ATT&CK Enterprise v15
Downloads