Analysis

- max time kernel: 145s
- max time network: 157s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 29/09/2024, 14:10

- Static task: static1
- Behavioral task: behavioral1 (Sample: feb15f8c5c63243ea60726748fe9355b_JaffaCakes118.html; Resource: win7-20240903-en)
- Behavioral task: behavioral2 (Sample: feb15f8c5c63243ea60726748fe9355b_JaffaCakes118.html; Resource: win10v2004-20240802-en)
General

- Target: feb15f8c5c63243ea60726748fe9355b_JaffaCakes118.html
- Size: 11KB
- MD5: feb15f8c5c63243ea60726748fe9355b
- SHA1: 9d81ab88e7b689a66900c4e8413bc34b662f018e
- SHA256: d5a9135aed30eeddc02ca06c09857543cf04bcfcc18825ecb289c8a3aa7bd3ee
- SHA512: b803c09e64b239fe451228c1600596f684ba08ae3b5813f149272a42a7804a2501160e6af0ee72122333d5b1107091d9769ea8e9844bcff12cc02e82b2c2cb51
- SSDEEP: 192:UdoLW0/eq/ptfOGAgH5o4LwSnJVNvALoS9NcR2C537r:Ud90/eUptfO4/wSnpIdNFC537r
Malware Config
Signatures

- Enumerates system info in registry (2 TTPs, 3 IoCs)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  - PID 4420 msedge.exe (2 entries)
  - PID 4300 msedge.exe (2 entries)
  - PID 4552 identity_helper.exe (2 entries)
  - PID 4868 msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  - PID 4300 msedge.exe (6 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  - PID 4300 msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  - PID 4300 msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs; columns: description | pid | Process | procid_target)
  - PID 4300 wrote to memory of 396 | 4300 | msedge.exe | 82
  - PID 4300 wrote to memory of 224 | 4300 | msedge.exe | 83
  - PID 4300 wrote to memory of 4420 | 4300 | msedge.exe | 84
  - PID 4300 wrote to memory of 1512 | 4300 | msedge.exe | 85
  The report lists these four rows 64 times in total; the writes to 224 and 1512 account for most of the repeats.
Processes

- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\feb15f8c5c63243ea60726748fe9355b_JaffaCakes118.html
  PID: 4300
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe7fdc46f8,0x7ffe7fdc4708,0x7ffe7fdc4718
    PID: 396
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,4310988359185547003,9938979597825573694,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
    PID: 224
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,4310988359185547003,9938979597825573694,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
    PID: 4420
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,4310988359185547003,9938979597825573694,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
    PID: 1512
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4310988359185547003,9938979597825573694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
    PID: 2008
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4310988359185547003,9938979597825573694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
    PID: 3032
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4310988359185547003,9938979597825573694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
    PID: 1912
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4310988359185547003,9938979597825573694,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
    PID: 3180
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,4310988359185547003,9938979597825573694,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4156 /prefetch:8
    PID: 780
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,4310988359185547003,9938979597825573694,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4156 /prefetch:8
    PID: 4552
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4310988359185547003,9938979597825573694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
    PID: 4768
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4310988359185547003,9938979597825573694,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
    PID: 1556
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,4310988359185547003,9938979597825573694,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
    PID: 4868
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3156
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3128
Network
MITRE ATT&CK Enterprise v15
Downloads