Analysis
- max time kernel: 145s
- max time network: 138s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 12/10/2024, 22:35
Static task: static1
Behavioral task: behavioral1
- Sample: 3c61f382589065485b29f8578dd0677f_JaffaCakes118.html
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: 3c61f382589065485b29f8578dd0677f_JaffaCakes118.html
- Resource: win10v2004-20241007-en
General
- Target: 3c61f382589065485b29f8578dd0677f_JaffaCakes118.html
- Size: 28KB
- MD5: 3c61f382589065485b29f8578dd0677f
- SHA1: 1cb217702db8f8047629b97bf80703fef81568f8
- SHA256: eb236db71c71bc41c520a245901f8a015e920ea0a58d2248e6947b1f26c49414
- SHA512: e9e69c8d8800b581279da307e7b706863f6227a4ff16eed7cf3b2d17f91a88addcd24a8f869af1927b7841684967445286bab74d1e1c54218b45c2a3b21041cf
- SSDEEP: 768:+qfkr027m1nahV42kzFMZO28HEIwk4F0Er:+J+mVIFAO2Ec
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  3176  msedge.exe
  3176  msedge.exe
  4920  msedge.exe
  4920  msedge.exe
  2524  identity_helper.exe
  2524  identity_helper.exe
  4836  msedge.exe
  4836  msedge.exe
  4836  msedge.exe
  4836  msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process
  4920  msedge.exe
  4920  msedge.exe
  4920  msedge.exe
  4920  msedge.exe
  4920  msedge.exe
  4920  msedge.exe
- Suspicious use of FindShellTrayWindow (25 IoCs)
- Suspicious use of SendNotifyMessage (24 IoCs)
- Suspicious use of WriteProcessMemory (64 IoCs)
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3c61f382589065485b29f8578dd0677f_JaffaCakes118.html
  PID: 4920
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8231146f8,0x7ff823114708,0x7ff823114718
    PID: 3152
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,4696922008411243594,6020484882986496614,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
    PID: 3656
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,4696922008411243594,6020484882986496614,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
    PID: 3176
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,4696922008411243594,6020484882986496614,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
    PID: 3968
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,4696922008411243594,6020484882986496614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
    PID: 4880
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,4696922008411243594,6020484882986496614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
    PID: 116
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,4696922008411243594,6020484882986496614,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
    PID: 1856
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,4696922008411243594,6020484882986496614,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
    PID: 2524
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,4696922008411243594,6020484882986496614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
    PID: 748
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,4696922008411243594,6020484882986496614,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
    PID: 4508
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,4696922008411243594,6020484882986496614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
    PID: 4384
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,4696922008411243594,6020484882986496614,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
    PID: 3852
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,4696922008411243594,6020484882986496614,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1284 /prefetch:2
    PID: 4836
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3544
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3092
Network
MITRE ATT&CK Enterprise v15
Downloads