Analysis
- max time kernel: 145s
- max time network: 137s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 12/10/2024, 13:48
Static task: static1
Behavioral task: behavioral1
- Sample: 3a5962b07c2ab234738750870f174778_JaffaCakes118.html
- Resource: win7-20240708-en
Behavioral task: behavioral2
- Sample: 3a5962b07c2ab234738750870f174778_JaffaCakes118.html
- Resource: win10v2004-20241007-en
General
- Target: 3a5962b07c2ab234738750870f174778_JaffaCakes118.html
- Size: 16KB
- MD5: 3a5962b07c2ab234738750870f174778
- SHA1: 470ad9ae3402f175ed3d2af702c959eee55117f7
- SHA256: 3868249b7773a74c644486da8318d2857389cab667e3a55ef9ac21982dd0ef55
- SHA512: e346225cb047a772901cb438ac5963c748fd4b26114d84d3db41dbd59ab0abe7ddd528c0a5f3bba6e9a0938d1ec09eb73df7a6a5640472d0e3f15d6c6c01c300
- SSDEEP: 192:SInPgFbaLwlitmcGKAq+hizKjXyE+aNVSAHZcS4GKXCVkD+FQCEoKN9a:SI4FbaIJZq/zKsazHZPL6D+FQCEoKN9a
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  3516 | msedge.exe (2 entries)
  1764 | msedge.exe (2 entries)
  4008 | identity_helper.exe (2 entries)
  4120 | msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid | Process
  1764 | msedge.exe (7 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  1764 | msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  1764 | msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs; the original listing repeats each row, grouped here by target PID)
  description | pid | Process | procid_target
  PID 1764 wrote to memory of 640 | 1764 | msedge.exe | 83
  PID 1764 wrote to memory of 3308 | 1764 | msedge.exe | 84
  PID 1764 wrote to memory of 3516 | 1764 | msedge.exe | 85
  PID 1764 wrote to memory of 924 | 1764 | msedge.exe | 86
Processes (indentation shows the parent/child tree)
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3a5962b07c2ab234738750870f174778_JaffaCakes118.html
  PID: 1764
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8885846f8,0x7ff888584708,0x7ff888584718
    PID: 640
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,1448791248283387465,17160123627958899200,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
    PID: 3308
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,1448791248283387465,17160123627958899200,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 /prefetch:3
    PID: 3516
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,1448791248283387465,17160123627958899200,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
    PID: 924
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,1448791248283387465,17160123627958899200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
    PID: 2408
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,1448791248283387465,17160123627958899200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
    PID: 116
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,1448791248283387465,17160123627958899200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
    PID: 3588
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,1448791248283387465,17160123627958899200,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4092 /prefetch:8
    PID: 1828
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,1448791248283387465,17160123627958899200,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4092 /prefetch:8
    PID: 4008
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,1448791248283387465,17160123627958899200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
    PID: 3888
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,1448791248283387465,17160123627958899200,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
    PID: 3404
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,1448791248283387465,17160123627958899200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
    PID: 4784
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,1448791248283387465,17160123627958899200,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
    PID: 2496
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,1448791248283387465,17160123627958899200,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5076 /prefetch:2
    PID: 4120
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 688
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4884
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 56a4f78e21616a6e19da57228569489b
  SHA1: 21bfabbfc294d5f2aa1da825c5590d760483bc76
  SHA256: d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb
  SHA512: c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b
- Filesize: 152B
  MD5: e443ee4336fcf13c698b8ab5f3c173d0
  SHA1: 9bf70b16f03820cbe3158e1f1396b07b8ac9d75a
  SHA256: 79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b
  SHA512: cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\90d0e959-874e-4cb4-994e-42282454487a.tmp
  Filesize: 6KB
  MD5: c1f39d1cc26175bf7dcd056176090f38
  SHA1: a75a8e776239190a9a69c3a6efa48c13f872f732
  SHA256: 12e7a783bb7475967dbb4f8c4581ec62f5806276ff868441961319929930022b
  SHA512: ed0cdb9c62d95a1dc7d8bad76ef9a820f0aa376b20ba1f93fa4f71a8bd2011913c407e3ab7ed4c2af7bd3b849a3b7bc42144f5a8d12b66be2a1757a267cd3b6c
- Filesize: 6KB
  MD5: 7b6a564a3c3c6b6740e76b2d4efe065b
  SHA1: 4bbe3b35bf532a252125f2cfa038d0759364b187
  SHA256: 5024db4fe3f10138c2ff24e468fbee21b8135929f8eb69b7b3608e9c0f7aaccf
  SHA512: d7a7dbdbe71f03ad9a4f74526472691cecd64a8757180783fcb46e3da492c8dc7eef394e2696977a0a60fd56e52d84476b1199b175e284b11ba604f526da0d03
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 10KB
  MD5: c102ef8cf805dffeec4e98645281f7f4
  SHA1: c026839a78367e8d1cb5b4b933f2e4f9a4875adc
  SHA256: 8ae73ae40acf072953a16eb1a541908f04e2f069a72fe0506cc07b937e74f9db
  SHA512: 8ea1510d8c7288cbe2d2041855fe6b299af401c7a4f81022952b6c08ad992c5d7d46badebbd19cfd03e3c315e377d06b0f8e6d292efb15e48047a676716b6688