Analysis
  max time kernel: 145s
  max time network: 130s
  platform: windows10-2004_x64
  resource: win10v2004-20240802-en
  resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  submitted: 02/10/2024, 06:46
Static task: static1
Behavioral task: behavioral1
  Sample: 09632fb5706647e1c1519446e0d8562e_JaffaCakes118.html
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 09632fb5706647e1c1519446e0d8562e_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General
  Target: 09632fb5706647e1c1519446e0d8562e_JaffaCakes118.html
  Size: 9KB
  MD5: 09632fb5706647e1c1519446e0d8562e
  SHA1: 5cc84f7c900f189543f82ab72365ee8b80954204
  SHA256: e4d22d90319ae8b142497f330e8ade092edf0a68c862e30d98d6ba469739c22c
  SHA512: 3938e11f9d5c6ae02a565804839790666ac8b56a269520eff149fdde6441951fce52b7367b140213f1cf2bbf25c0ffa5970a86daba1b75a71bfd6dbdcdc9bb11
  SSDEEP: 192:BEhdm2wLnCLnULnQLnNXLnAZLnyLnIHXLn0LnDLnuLniBLnHFLnzG4kBAW72OrYy:OhdmfLnCLnULnQLnNXLn8LnyLniXLn0+
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
    description       | ioc                                                                   | Process
    Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    | msedge.exe
    Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
    Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
    pid 4604 msedge.exe (2 entries), pid 996 msedge.exe (2 entries), pid 4960 identity_helper.exe (2 entries), pid 4524 msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
    pid 996 msedge.exe (all 7 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
    pid 996 msedge.exe (all 25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
    pid 996 msedge.exe (all 24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
    All 64 entries have pid 996 (msedge.exe) as the writing process; the table repeats the same four target rows many times, so duplicate rows are collapsed here:
    description                      | pid | Process    | procid_target
    PID 996 wrote to memory of 3296  | 996 | msedge.exe | 82
    PID 996 wrote to memory of 4616  | 996 | msedge.exe | 83
    PID 996 wrote to memory of 4604  | 996 | msedge.exe | 84
    PID 996 wrote to memory of 3764  | 996 | msedge.exe | 85
Processes
- msedge.exe (PID 996), top-level browser process opened on the sample
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\09632fb5706647e1c1519446e0d8562e_JaffaCakes118.html
    Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - msedge.exe (PID 3296), crashpad-handler
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe72da46f8,0x7ffe72da4708,0x7ffe72da4718
  - msedge.exe (PID 4616), gpu-process
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,11563571011395584423,8900494904787957140,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  - msedge.exe (PID 4604), utility: network.mojom.NetworkService
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,11563571011395584423,8900494904787957140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
      Signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 3764), utility: storage.mojom.StorageService
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,11563571011395584423,8900494904787957140,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  - msedge.exe (PID 1020), renderer
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11563571011395584423,8900494904787957140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  - msedge.exe (PID 1708), renderer
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11563571011395584423,8900494904787957140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  - msedge.exe (PID 3616), renderer
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11563571011395584423,8900494904787957140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4232 /prefetch:1
  - identity_helper.exe (PID 4624), utility: winrt_app_id.mojom.WinrtAppIdService
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,11563571011395584423,8900494904787957140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 /prefetch:8
  - identity_helper.exe (PID 4960), utility: winrt_app_id.mojom.WinrtAppIdService
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,11563571011395584423,8900494904787957140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 /prefetch:8
      Signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 1600), renderer
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11563571011395584423,8900494904787957140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  - msedge.exe (PID 2172), renderer (instant process)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11563571011395584423,8900494904787957140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  - msedge.exe (PID 852), renderer
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11563571011395584423,8900494904787957140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  - msedge.exe (PID 2860), renderer (instant process)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11563571011395584423,8900494904787957140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  - msedge.exe (PID 4524), gpu-process (relaunched with --disable-gpu-sandbox)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,11563571011395584423,8900494904787957140,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5572 /prefetch:2
      Signatures: Suspicious behavior: EnumeratesProcesses
- CompPkgSrv.exe (PID 4400)
    C:\Windows\System32\CompPkgSrv.exe -Embedding
- CompPkgSrv.exe (PID 3608)
    C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads