Analysis
- max time kernel: 149s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
- submitted: 10/10/2024, 15:02
Static task: static1

Behavioral task: behavioral1
- Sample: 307c1e2b200fa9675d324393ebdd41a3_JaffaCakes118.html
- Resource: win7-20240903-en

Behavioral task: behavioral2
- Sample: 307c1e2b200fa9675d324393ebdd41a3_JaffaCakes118.html
- Resource: win10v2004-20241007-en
General
- Target: 307c1e2b200fa9675d324393ebdd41a3_JaffaCakes118.html
- Size: 139KB
- MD5: 307c1e2b200fa9675d324393ebdd41a3
- SHA1: 09f982624b3fb30b1464c976718ab0989edfc17d
- SHA256: 4739275605ece61b3434d6fa3a620958f8954835fe411874e95363bd73f1c3f6
- SHA512: d99bd12c63e2e5deee0d0397ee33f22d5c7e1817bae580216837ebdb9ced2a81e765b456bc5e8253f97f435fe406751bf563102b593f83ff93af39fefb737e27
- SSDEEP: 1536:S+bpSKhTLTeM23lTyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3om:S+bTOyfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
    description        ioc                                                                    Process
    Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
    Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
    Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
    pid   Process
    696   msedge.exe  (2 rows)
    2312  msedge.exe  (2 rows)
    5036  msedge.exe  (4 rows)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
    pid   Process
    2312  msedge.exe  (2 rows)
- Suspicious use of FindShellTrayWindow (25 IoCs)
    pid   Process
    2312  msedge.exe  (25 rows)
- Suspicious use of SendNotifyMessage (24 IoCs)
    pid   Process
    2312  msedge.exe  (24 rows)
- Suspicious use of WriteProcessMemory (64 IoCs)
    description                       pid   Process     procid_target
    PID 2312 wrote to memory of 3164  2312  msedge.exe  83  (2 rows)
    PID 2312 wrote to memory of 2020  2312  msedge.exe  84  (repeated)
    PID 2312 wrote to memory of 696   2312  msedge.exe  85  (2 rows)
    PID 2312 wrote to memory of 5028  2312  msedge.exe  86  (repeated)
    (64 rows in the report; the rows above are the distinct ones, in the order they appear)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\307c1e2b200fa9675d324393ebdd41a3_JaffaCakes118.html
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID: 2312
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff829c546f8,0x7ff829c54708,0x7ff829c54718
        PID: 3164
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,3400762700637019868,9488564670057518071,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2
        PID: 2020
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2224,3400762700637019868,9488564670057518071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
        - Suspicious behavior: EnumeratesProcesses
        PID: 696
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2224,3400762700637019868,9488564670057518071,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
        PID: 5028
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,3400762700637019868,9488564670057518071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
        PID: 2128
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,3400762700637019868,9488564670057518071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
        PID: 1988
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,3400762700637019868,9488564670057518071,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 /prefetch:2
        - Suspicious behavior: EnumeratesProcesses
        PID: 5036
- C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    PID: 4916
- C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    PID: 3744
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
    MD5: dc058ebc0f8181946a312f0be99ed79c
    SHA1: 0c6f376ed8f2d4c275336048c7c9ef9edf18bff0
    SHA256: 378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a
    SHA512: 36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa
- Filesize: 152B
    MD5: a0486d6f8406d852dd805b66ff467692
    SHA1: 77ba1f63142e86b21c951b808f4bc5d8ed89b571
    SHA256: c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be
    SHA512: 065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a
- Filesize: 6KB
    MD5: a445cc9648129c12cd9acc97487df2ef
    SHA1: 199f37e524e13880a4c565f141461bd88a636694
    SHA256: 97ed344f7f478219c240674210f71537c100892df2700628147930563a6c4cca
    SHA512: d3cd75fc5fc0d892f53c96d13edafe33e2b26b370309c09a2b8fff03bf91388503d2d5fc742dcb463efa01d24d2868468f7f4a85f9b9f7ecfdd667229854ac72
- Filesize: 6KB
    MD5: 67bcae80711bc06a2164116fbaf1bbd6
    SHA1: 1dc4ae24ffce63472ea89ffbf37acecdb36fee89
    SHA256: 4bc27d32d4bbf9f723709f300d6455eb31a00af58ae6a78417c2e275d2c3accd
    SHA512: 046cdf9bd2d94025082031c1a55837aeb8c9f93cdaecff18442ff98cce814603b429d52824f1c46ff35e903fe8bfa3d9306b722f6a2852aae9af1237ba9dfdba
- Filesize: 10KB
    MD5: 939ba0bfb241d384ba42ce8ce85d7903
    SHA1: a1419582e98c55bc84a1968b9a5957a6543500fd
    SHA256: 15186037150cae136be395fa5874b17c7c288d58378920dd54162499e7292742
    SHA512: 177a33b6d0c91e65f5854b86bf67b53a97fb7fca80fe19229ad1d3632c4d3a7a904bc2f81fb8bbac853f1ca007aea650aa377df89c3504dd37c41a0d2322fc6b