Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 145s
max time network: 134s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13/10/2024, 16:42
Static task: static1
Behavioral task: behavioral1
  Sample: 40f29313aae5774572d9fdfb156285f9_JaffaCakes118.html
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 40f29313aae5774572d9fdfb156285f9_JaffaCakes118.html
  Resource: win10v2004-20241007-en
General
Target: 40f29313aae5774572d9fdfb156285f9_JaffaCakes118.html
Size: 23KB
MD5: 40f29313aae5774572d9fdfb156285f9
SHA1: 2eaaee11dabcc9ee3169d8a7241d567e2133b411
SHA256: 6de11922e163b777a2a5378a2b3c251f3b7923d83d04b0aa6719e7c18889e684
SHA512: 992a6aad5f966087442cfc770db3f9570a773bd26a45058dfc9990e60b156d31e88c9bbee22dbc2cdf90718141bb2cb8b0cfb616818a80cc6a047016483cbdd6
SSDEEP: 384:C1lIcetD41vGTHJ7DeKUbGn6Z8ja/gRamzguLZ:wd8j4gQ6xLZ
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                    Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (8 IoCs)
pid   Process
1012  msedge.exe  (2 IoCs)
4924  msedge.exe  (2 IoCs)
2528  msedge.exe  (4 IoCs)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
pid   Process
4924  msedge.exe  (3 IoCs)

Suspicious use of FindShellTrayWindow (25 IoCs)
pid   Process
4924  msedge.exe  (all 25 IoCs)

Suspicious use of SendNotifyMessage (24 IoCs)
pid   Process
4924  msedge.exe  (all 24 IoCs)

Suspicious use of WriteProcessMemory (64 IoCs)
description                       pid   Process     procid_target
PID 4924 wrote to memory of 924   4924  msedge.exe  83  (2 IoCs)
PID 4924 wrote to memory of 1624  4924  msedge.exe  84  (repeated)
PID 4924 wrote to memory of 1012  4924  msedge.exe  85  (2 IoCs)
PID 4924 wrote to memory of 1940  4924  msedge.exe  86  (repeated)
The remaining IoCs in this signature are repeats of the 1624 and 1940 rows; every write comes from PID 4924 and lands in a process it spawned.
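Every WriteProcessMemory IoC above is the Edge browser process (PID 4924) writing into a child it had just launched, which is how Chromium's sandbox broker hands its policy to a new process; the same signature fires on any clean run of Edge. What would actually matter is a write that crosses an image boundary or lands in a process the writer did not create. The script below is an added example written for this report (it is not tria.ge code) that parses the flattened signature rows, joins them against the process tree from the Processes section, and flags only those cases. The constructed sample input copies four rows from the report and adds one made-up row (msedge.exe writing into CompPkgSrv.exe) so that the rule has something to catch.

```python
"""Triage 'Suspicious use of WriteProcessMemory' rows against the process tree.

Added example for this report, not tria.ge code. Parent-to-own-child writes
within one image are Chromium's baseline; anything else is worth a look.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Process table reconstructed from the Processes section of the report:
# pid -> (parent pid, image). The two CompPkgSrv.exe entries are top-level.
PROCESS_TREE = {
    4924: (None, "msedge.exe"),
    924: (4924, "msedge.exe"),
    1624: (4924, "msedge.exe"),
    1012: (4924, "msedge.exe"),
    1940: (4924, "msedge.exe"),
    4116: (4924, "msedge.exe"),
    4072: (4924, "msedge.exe"),
    2248: (4924, "msedge.exe"),
    2528: (4924, "msedge.exe"),
    3588: (None, "CompPkgSrv.exe"),
    3136: (None, "CompPkgSrv.exe"),
}

# Constructed excerpt of the flattened signature cells. The first four rows are
# copied from the report; the last row is invented (not in the report) to give
# the rule a cross-image write to flag.
SAMPLE_ROWS = (
    "PID 4924 wrote to memory of 924 4924 msedge.exe 83 "
    "PID 4924 wrote to memory of 924 4924 msedge.exe 83 "
    "PID 4924 wrote to memory of 1624 4924 msedge.exe 84 "
    "PID 4924 wrote to memory of 1012 4924 msedge.exe 85 "
    "PID 4924 wrote to memory of 3588 4924 msedge.exe 99"  # constructed row
)

# description / pid / Process / procid_target, run together by the page layout
ROW_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")


@dataclass(frozen=True)
class WriteEvent:
    writer: int
    target: int
    image: str          # image of the writing process, as the report lists it
    procid_target: int  # report-internal index of the target process


def parse_rows(text):
    """Split the run-together cells into one WriteEvent per IoC."""
    return [
        WriteEvent(int(w), int(t), img, int(idx))
        for w, t, _pid, img, idx in ROW_RE.findall(text)
    ]


def classify(ev, tree):
    """Label one write against the process tree.

    expected    : writer created the target and both run the same image
    non-child   : same image, but the target is not a direct child of the writer
    cross-image : target runs a different image (the classic injection shape)
    unknown     : writer or target is missing from the tree
    """
    _, writer_image = tree.get(ev.writer, (None, None))
    target_parent, target_image = tree.get(ev.target, (None, None))
    if writer_image is None or target_image is None:
        return "unknown"
    if target_image != writer_image:
        return "cross-image"
    if target_parent == ev.writer:
        return "expected"
    return "non-child"


def summarize(text, tree=PROCESS_TREE):
    """Collapse repeated rows into (writer, target, verdict) -> count."""
    return Counter((ev.writer, ev.target, classify(ev, tree)) for ev in parse_rows(text))


def flagged(text, tree=PROCESS_TREE):
    """Only the writes that deserve a human look, in stable order."""
    return sorted(k for k in summarize(text, tree) if k[2] != "expected")


if __name__ == "__main__":
    for (writer, target, verdict), n in sorted(summarize(SAMPLE_ROWS).items()):
        print(f"{writer} -> {target}: {verdict} x{n}")
```

Run against the real report the result is empty: all 64 IoCs collapse to four "expected" rows. The tree lookup is the part that does the work; without it, the raw count (64 writes) looks far more alarming than it is.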
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID:4924)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\40f29313aae5774572d9fdfb156285f9_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  └ C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID:924)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb42b946f8,0x7ffb42b94708,0x7ffb42b94718

  └ C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID:1624)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,12091617974380680959,14854358160802514198,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2

  └ C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID:1012)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,12091617974380680959,14854358160802514198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses

  └ C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID:1940)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,12091617974380680959,14854358160802514198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8

  └ C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID:4116)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12091617974380680959,14854358160802514198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

  └ C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID:4072)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12091617974380680959,14854358160802514198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

  └ C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID:2248)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12091617974380680959,14854358160802514198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1

  └ C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID:2528)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,12091617974380680959,14854358160802514198,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe  (PID:3588)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe  (PID:3136)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
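The process tree is plain Chromium: one browser process, a crashpad handler, a GPU process, network and storage utility services, and three renderers. Two switches deserve a second look when reading a tree like this: --service-sandbox-type=none on the network service (PID 1012) and --disable-gpu-sandbox together with --use-gl=disabled on the second GPU process (PID 2528). Both are set by the browser itself (the unsandboxed network service is this Edge build's default on Windows, and the GPU relaunch without a sandbox is the browser's fallback when the VM has no usable GPU), so compare them against a clean run of the same image before attributing them to the HTML. The script below is an added example for this report, not tria.ge or Chromium code; it extracts each child's role and sandbox state from its command line so that weakened sandboxes are listed rather than buried in the switches. The command lines are abridged copies of the ones above, keeping only the switches the check reads, and a small tokenizer handles the Windows double-quote convention because shlex is POSIX-oriented.

```python
"""Audit Chromium/Edge child-process command lines for sandbox state.

Added example for this report; not code from tria.ge or Chromium.
"""

EDGE = r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"'

# Abridged command lines from the report's Processes section, keyed by PID.
# Only the switches this audit reads were kept; everything else was dropped.
CMDLINES = {
    4924: EDGE + r" --single-argument C:\Users\Admin\AppData\Local\Temp\40f29313aae5774572d9fdfb156285f9_JaffaCakes118.html",
    924:  EDGE + r' --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --annotation=channel= --annotation=chromium-version=92.0.4515.131',
    1624: EDGE + " --type=gpu-process --mojo-platform-channel-handle=2064 /prefetch:2",
    1012: EDGE + " --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 /prefetch:3",
    1940: EDGE + " --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8",
    4116: EDGE + " --type=renderer --lang=en-US --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1",
    2528: EDGE + " --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --mojo-platform-channel-handle=1740 /prefetch:2",
}


def tokenize(cmdline):
    """Split on spaces outside double quotes and drop the quotes themselves."""
    tokens, cur, quoted = [], [], False
    for ch in cmdline:
        if ch == '"':
            quoted = not quoted
        elif ch == " " and not quoted:
            if cur:
                tokens.append("".join(cur))
                cur = []
        else:
            cur.append(ch)
    if cur:
        tokens.append("".join(cur))
    return tokens


def switches(cmdline):
    """Map --name=value switches to a dict; a bare --name maps to True."""
    out = {}
    for tok in tokenize(cmdline)[1:]:  # token 0 is the executable path
        if tok.startswith("--"):
            name, sep, value = tok[2:].partition("=")
            out[name] = value if sep else True
    return out


def role(sw):
    """Chromium process kind; no --type means the browser process itself."""
    kind = sw.get("type", "browser")
    if kind == "utility":
        return f"utility/{sw.get('utility-sub-type', '?')}"
    return kind


def sandbox_state(sw):
    """Best-effort sandbox label from the switches alone (no token inspection)."""
    if "no-sandbox" in sw:
        return "none (--no-sandbox)"
    kind = sw.get("type")
    if kind == "gpu-process" and "disable-gpu-sandbox" in sw:
        return "none (--disable-gpu-sandbox)"
    if kind == "utility":
        return str(sw.get("service-sandbox-type", "utility"))
    if kind is None:
        return "n/a (browser)"
    return "default"


def audit(cmdlines):
    """pid -> (role, sandbox state) for every command line."""
    result = {}
    for pid, cmdline in cmdlines.items():
        sw = switches(cmdline)
        result[pid] = (role(sw), sandbox_state(sw))
    return result


def weakened(cmdlines):
    """PIDs whose switches say the sandbox is off."""
    return sorted(pid for pid, (_, state) in audit(cmdlines).items() if state.startswith("none"))


if __name__ == "__main__":
    for pid, (kind, state) in sorted(audit(CMDLINES).items()):
        print(f"{pid:>5}  {kind:<40}  {state}")
```

On the report's command lines the audit lists PIDs 1012 and 2528 as unsandboxed. The same two show up on any run of this browser build in this VM image, which is why a baseline from a known-clean sample belongs next to every such check.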
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: dc058ebc0f8181946a312f0be99ed79c
SHA1: 0c6f376ed8f2d4c275336048c7c9ef9edf18bff0
SHA256: 378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a
SHA512: 36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Filesize: 152B
MD5: a0486d6f8406d852dd805b66ff467692
SHA1: 77ba1f63142e86b21c951b808f4bc5d8ed89b571
SHA256: c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be
SHA512: 065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Filesize: 111B
MD5: 807419ca9a4734feaf8d8563a003b048
SHA1: a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256: aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512: f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Filesize: 6KB
MD5: db8464c3538291e8b205ba822f20bb79
SHA1: 6a9e07d3ede2907a59285748a78ba5d41b1e1b82
SHA256: d8a9243aa65ad542b5745b0caf9adaf2a951dff5008b9ca48eef3a6c89195a56
SHA512: 46ce86fc81462e9fc0951be1e61462e5a8e3e4b3690a3013f0598b33d06cfc98dca2d2029b16c60e4dccc7acfafc60bcd7aecf4e208de00fe6ebf0debf579c17

Filesize: 6KB
MD5: 6a2a8819922a74eb67e51864f0f5be1b
SHA1: 58169558bcad88eeb3bad551989d4f0904839dce
SHA256: ed11d130a06afa698ce00a639310dcfeca5f7752dc43e331e176c605f47e37bb
SHA512: 114b081b57a4ec5f7cf71fac4e1a1bc580dbbbd72fbd491f6754d35d8eb187643962710b9fbd4d3c00a691ca62c77a810be1ec8f0bb5bc8bf7f0a36c5a1b4e67

Filesize: 10KB
MD5: 3d6ded1ba71091e11a33948b44a8f970
SHA1: 260721117d748748a85a9bd28ed5537a0aad296a
SHA256: 84d0d92a78382f3a9736f341c06804ac4041beddb5f3e2a0a3299ed19d2345e7
SHA512: 8a95910fe56bd2718c7b8a00c61d1e74098541392cb5bd95e1a1c683d33cfd57b0074af6b8e217edd0a1c20d8926dc6fd545c72d983293e565091408de30e54c