Analysis
- Max time kernel: 145s
- Max time network: 145s
- Platform: windows10-2004_x64
- Resource: win10v2004-20240802-en
- Resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- Submitted: 29/09/2024, 09:45
Static task: static1
Behavioral task: behavioral1
- Sample: fe44996a66b4fb7fd0bdc6978158c0c2_JaffaCakes118.html
- Resource: win7-20240729-en
Behavioral task: behavioral2
- Sample: fe44996a66b4fb7fd0bdc6978158c0c2_JaffaCakes118.html
- Resource: win10v2004-20240802-en
The signatures, process tree and dropped files below come from behavioral2; its resource (win10v2004-20240802-en) matches the platform listed in the Analysis section.
General
- Target: fe44996a66b4fb7fd0bdc6978158c0c2_JaffaCakes118.html
- Size: 870B
- MD5: fe44996a66b4fb7fd0bdc6978158c0c2
- SHA1: d59c4206fdedc949a40d0d562f07b4cb41918c88
- SHA256: f6b216e213790b60f5ef5fe4e1c53968acfb2bd2ee7d2f9acf022bbaa4866bac
- SHA512: 49047988f29d774d58f35dab37084989b7f0aaf81f140ef1b1dc8d84e04c5ce031327716fea7112e9edcccac5d33809ea9adc4dc58b90e84b8e43699f6ca4e39
Malware Config
Signatures
Every hit below is attributed to msedge.exe (PID 2540 and the helper processes it spawned) or to identity_helper.exe, the Edge component launched alongside it. The process tree contains no process other than the browser and two CompPkgSrv.exe COM servers, and none of the signatures is attributed to a non-browser process, so each hit should be read in the context of a browser rendering the submitted HTML file rather than as evidence of a separate payload.

Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
These two BIOS values are a common sandbox-fingerprinting read, but here the reading process is the browser itself, not a script host or dropped binary.

Suspicious behavior: EnumeratesProcesses (10 IoCs)
- 5080 msedge.exe (x2)
- 2540 msedge.exe (x2)
- 2776 identity_helper.exe (x2)
- 2412 msedge.exe (x4)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
- 2540 msedge.exe (x6)

Suspicious use of FindShellTrayWindow (25 IoCs)
- 2540 msedge.exe (x25)

Suspicious use of SendNotifyMessage (24 IoCs)
- 2540 msedge.exe (x24)

Suspicious use of WriteProcessMemory (64 IoCs)
All 64 listed entries are writes by PID 2540 (msedge.exe) into processes that appear as its own direct children in the process tree below; no write targets a process outside the browser's tree. Grouped by target:
- PID 2540 wrote to memory of 1868 (procid_target 82): 2 entries
- PID 2540 wrote to memory of 1920 (procid_target 83): 40 entries
- PID 2540 wrote to memory of 5080 (procid_target 84): 2 entries
- PID 2540 wrote to memory of 3180 (procid_target 85): 20 entries
Processes
- PID 2540 (depth 1): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fe44996a66b4fb7fd0bdc6978158c0c2_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  Children of PID 2540 (depth 2):
  - PID 1868: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (crashpad-handler)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9dba846f8,0x7ff9dba84708,0x7ff9dba84718
  - PID 1920: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (gpu-process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,16260014592167386831,12888948747654560894,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  - PID 5080: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (utility, network.mojom.NetworkService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,16260014592167386831,12888948747654560894,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 3180: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (utility, storage.mojom.StorageService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,16260014592167386831,12888948747654560894,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  - PID 3332: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (renderer, client id 6)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16260014592167386831,12888948747654560894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  - PID 1416: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (renderer, client id 5)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16260014592167386831,12888948747654560894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  - PID 4868: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (renderer, client id 7)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16260014592167386831,12888948747654560894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
  - PID 1476: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (utility, winrt_app_id.mojom.WinrtAppIdService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,16260014592167386831,12888948747654560894,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 /prefetch:8
  - PID 2776: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (utility, winrt_app_id.mojom.WinrtAppIdService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,16260014592167386831,12888948747654560894,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 4948: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (renderer, client id 9)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16260014592167386831,12888948747654560894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  - PID 4896: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (renderer, client id 10, instant process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16260014592167386831,12888948747654560894,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  - PID 4952: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (renderer, client id 11, instant process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16260014592167386831,12888948747654560894,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  - PID 2412: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (gpu-process, relaunched without the GPU sandbox)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,16260014592167386831,12888948747654560894,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- PID 1436 (depth 1): C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID 2436 (depth 1): C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
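The WriteProcessMemory signature above fires on every cross-process write, so the useful triage question is whether each target is a child the writer itself spawned (the pattern a Chromium-family browser produces while setting up its sandboxed children) or an unrelated process (the pattern of injection). The following Python script is an added example for this report, not tria.ge tooling or code from the sample: it parses the flattened IoC rows in the form the page renders them (an assumption about the layout), checks each write against a process tree transcribed from the Processes section, and includes one constructed row, a write from PID 2540 into CompPkgSrv.exe PID 1436, that is not in the report and exists only to show what an escalation looks like.

```python
"""
Check Triage-style 'Suspicious use of WriteProcessMemory' IoC rows against a
process tree.  A write whose target is a direct child of the writer is the
expected browser child-launch pattern; a write into any other process is
cross-process injection and is reported for escalation.
Added example for this report; not tria.ge code.
"""
import re
from collections import Counter

# Constructed sample input: a subset of the IoC rows from this report's
# WriteProcessMemory table, in the flattened
# "PID <writer> wrote to memory of <target> <pid> <image> <procid_target>"
# form in which the page renders them.
IOC_TEXT = (
    "PID 2540 wrote to memory of 1868 2540 msedge.exe 82 "
    "PID 2540 wrote to memory of 1868 2540 msedge.exe 82 "
    "PID 2540 wrote to memory of 1920 2540 msedge.exe 83 "
    "PID 2540 wrote to memory of 5080 2540 msedge.exe 84 "
    "PID 2540 wrote to memory of 3180 2540 msedge.exe 85 "
)
# Constructed negative case (NOT in the report): the browser writing into an
# unrelated top-level process, which is what real injection would look like.
INJECTION_TEXT = IOC_TEXT + "PID 2540 wrote to memory of 1436 2540 msedge.exe 86 "

# Process tree as (pid, parent_pid, image), transcribed from the Processes
# section; parent 0 marks a top-level (depth 1) process.
TREE = [
    (2540, 0, "msedge.exe"),
    (1868, 2540, "msedge.exe"),
    (1920, 2540, "msedge.exe"),
    (5080, 2540, "msedge.exe"),
    (3180, 2540, "msedge.exe"),
    (1436, 0, "CompPkgSrv.exe"),
    (2436, 0, "CompPkgSrv.exe"),
]

# Assumed row layout; adjust the pattern if the report is exported differently.
IOC_RE = re.compile(
    r"PID (?P<writer>\d+) wrote to memory of (?P<target>\d+) "
    r"(?P<pid>\d+) (?P<image>\S+) (?P<procid_target>\d+)"
)


def parse_iocs(text):
    """Return (writer_pid, target_pid, writer_image) for each IoC row found."""
    return [(int(m["writer"]), int(m["target"]), m["image"])
            for m in IOC_RE.finditer(text)]


def classify(iocs, tree):
    """Split writes into expected parent->child writes (counted per pair) and
    suspicious writes into processes the writer did not spawn."""
    parent = {pid: ppid for pid, ppid, _ in tree}
    image = {pid: img for pid, _, img in tree}
    expected = Counter()
    suspicious = []
    for writer, target, _ in iocs:
        if parent.get(target) == writer:
            expected[(writer, target)] += 1
        else:
            suspicious.append((writer, target, image.get(target, "unknown")))
    return expected, suspicious


def verdict(text, tree=TREE):
    """One-line summary of the check for a flattened IoC table."""
    expected, suspicious = classify(parse_iocs(text), tree)
    if suspicious:
        return "escalate: %d write(s) outside the writer's own children" % len(suspicious)
    return "expected: %d parent->child write(s) across %d target(s)" % (
        sum(expected.values()), len(expected))


if __name__ == "__main__":
    print(verdict(IOC_TEXT))
    print(verdict(INJECTION_TEXT))
```

Run against the report's own rows the check returns the expected verdict, because 1868, 1920, 5080 and 3180 are all direct children of PID 2540 in the tree; the constructed 1436 row is the only thing that trips it. The same check generalises to any report where a sandbox flags WriteProcessMemory on a browser, as long as the tree is transcribed with the right parent for each target.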
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: ab8ce148cb7d44f709fb1c460d03e1b0
  SHA1: 44d15744015155f3e74580c93317e12d2cc0f859
  SHA256: 014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff
  SHA512: f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4
- Filesize: 152B
  MD5: 38f59a47b777f2fc52088e96ffb2baaf
  SHA1: 267224482588b41a96d813f6d9e9d924867062db
  SHA256: 13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b
  SHA512: 4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b
- Filesize: 5KB
  MD5: ea94b012d3bee1cb370cab03f269e87e
  SHA1: 2b7a480d6a59101403002b8068213e98dd4135d0
  SHA256: 933a6a82247de772afb132e2323b70751eab9c36fdbc6a219260765d6c079130
  SHA512: 15fd6fd8261c606ab972fcffc694504c3c39dbe7087b870942fa0454e0cf678d1f815e3dc13bc93a4c745e55c6c4877ac822b7c16b1ad6d2b8e90c71640a3595
- Filesize: 6KB
  MD5: 802940bd01ed1138634dd61fd40eece0
  SHA1: 0a0c76d8376488a0e9a8a44a2ff496b7123a880b
  SHA256: 414ebd788747b864ee0504e7f54e475ab8595d4ca5a7406c782777536baf232a
  SHA512: ea892f47de6aea456199bf4a5df201c8927fff042d5e22f2c18e84188c2a6e81dcb47f3f307121286e2d196dd22767bc3b6c65df67e5629cbb8bc45d89249ccc
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 10KB
  MD5: 9ce87537287246eb073822cb12f88bdf
  SHA1: fbda3a4fb496fcdf00f3956371db478f3e00f56c
  SHA256: f8f2c504af6b1a1191f8043144978a7f8c19ce2a63fdeb27109bc7f36582f456
  SHA512: bed0d213f29709dc98c9a6226db790c9ef12cbbe17e4ef37292f096ad2ed5e6cb82858a4997f5def5d4729ed165850164f4261c98d06587a648aebf5fe741331