Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 148s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13/10/2024, 18:28
Static task: static1
Behavioral task: behavioral1
  Sample: 4165212bba40c395f58528b52309bf38_JaffaCakes118.html
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 4165212bba40c395f58528b52309bf38_JaffaCakes118.html
  Resource: win10v2004-20241007-en
General
Target: 4165212bba40c395f58528b52309bf38_JaffaCakes118.html
Size: 12KB
MD5: 4165212bba40c395f58528b52309bf38
SHA1: c4562aa3ed267fcf56fbde31236ee3fdb4ab42f1
SHA256: 7f6cbbf00e67c732a5fc21eb445088ac6533398f5e8120f0550478446b7a7b42
SHA512: 5eb80ba93180836e32431b8f3d78fe0304dbff57fe5bd7c3b5c45b97a61b1ed332deab10b0cf828e5c68ca683eda288539a25caaf12bf5792368d63dbc28a7bf
SSDEEP: 384:sxlIcPVbjjA/guBBaZCn275CJ0ImzguLZ:JgpAR6xLZ
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                    Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Suspicious behavior: EnumeratesProcesses (8 IoCs)
pid   Process
4972  msedge.exe
4972  msedge.exe
4696  msedge.exe
4696  msedge.exe
576   msedge.exe
576   msedge.exe
576   msedge.exe
576   msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
pid   Process
4696  msedge.exe
4696  msedge.exe
4696  msedge.exe
Suspicious use of FindShellTrayWindow (25 IoCs)
pid   Process
4696  msedge.exe
4696  msedge.exe
4696  msedge.exe
4696  msedge.exe
4696  msedge.exe
4696  msedge.exe
4696  msedge.exe
4696  msedge.exe
4696  msedge.exe
4696  msedge.exe
4696  msedge.exe
4696  msedge.exe
4696  msedge.exe
4696  msedge.exe
4696  msedge.exe
4696  msedge.exe
4696  msedge.exe
4696  msedge.exe
4696  msedge.exe
4696  msedge.exe
4696  msedge.exe
4696  msedge.exe
4696  msedge.exe
4696  msedge.exe
4696  msedge.exe
Suspicious use of SendNotifyMessage (24 IoCs)
pid   Process
4696  msedge.exe
4696  msedge.exe
4696  msedge.exe
4696  msedge.exe
4696  msedge.exe
4696  msedge.exe
4696  msedge.exe
4696  msedge.exe
4696  msedge.exe
4696  msedge.exe
4696  msedge.exe
4696  msedge.exe
4696  msedge.exe
4696  msedge.exe
4696  msedge.exe
4696  msedge.exe
4696  msedge.exe
4696  msedge.exe
4696  msedge.exe
4696  msedge.exe
4696  msedge.exe
4696  msedge.exe
4696  msedge.exe
4696  msedge.exe
Suspicious use of WriteProcessMemory (64 IoCs)
description pid Process procid_target PID 4696 wrote to memory of 4836 4696 msedge.exe 83 PID 4696 wrote to memory of 4836 4696 msedge.exe 83 PID 4696 wrote to memory of 4440 4696 msedge.exe 84 PID 4696 wrote to memory of 4440 4696 msedge.exe 84 PID 4696 wrote to memory of 4440 4696 msedge.exe 84 PID 4696 wrote to memory of 4440 4696 msedge.exe 84 PID 4696 wrote to memory of 4440 4696 msedge.exe 84 PID 4696 wrote to memory of 4440 4696 msedge.exe 84 PID 4696 wrote to memory of 4440 4696 msedge.exe 84 PID 4696 wrote to memory of 4440 4696 msedge.exe 84 PID 4696 wrote to memory of 4440 4696 msedge.exe 84 PID 4696 wrote to memory of 4440 4696 msedge.exe 84 PID 4696 wrote to memory of 4440 4696 msedge.exe 84 PID 4696 wrote to memory of 4440 4696 msedge.exe 84 PID 4696 wrote to memory of 4440 4696 msedge.exe 84 PID 4696 wrote to memory of 4440 4696 msedge.exe 84 PID 4696 wrote to memory of 4440 4696 msedge.exe 84 PID 4696 wrote to memory of 4440 4696 msedge.exe 84 PID 4696 wrote to memory of 4440 4696 msedge.exe 84 PID 4696 wrote to memory of 4440 4696 msedge.exe 84 PID 4696 wrote to memory of 4440 4696 msedge.exe 84 PID 4696 wrote to memory of 4440 4696 msedge.exe 84 PID 4696 wrote to memory of 4440 4696 msedge.exe 84 PID 4696 wrote to memory of 4440 4696 msedge.exe 84 PID 4696 wrote to memory of 4440 4696 msedge.exe 84 PID 4696 wrote to memory of 4440 4696 msedge.exe 84 PID 4696 wrote to memory of 4440 4696 msedge.exe 84 PID 4696 wrote to memory of 4440 4696 msedge.exe 84 PID 4696 wrote to memory of 4440 4696 msedge.exe 84 PID 4696 wrote to memory of 4440 4696 msedge.exe 84 PID 4696 wrote to memory of 4440 4696 msedge.exe 84 PID 4696 wrote to memory of 4440 4696 msedge.exe 84 PID 4696 wrote to memory of 4440 4696 msedge.exe 84 PID 4696 wrote to memory of 4440 4696 msedge.exe 84 PID 4696 wrote to memory of 4440 4696 msedge.exe 84 PID 4696 wrote to memory of 4440 4696 msedge.exe 84 PID 4696 wrote to memory of 4440 4696 msedge.exe 84 PID 4696 wrote to memory of 4440 4696 
msedge.exe 84 PID 4696 wrote to memory of 4440 4696 msedge.exe 84 PID 4696 wrote to memory of 4440 4696 msedge.exe 84 PID 4696 wrote to memory of 4440 4696 msedge.exe 84 PID 4696 wrote to memory of 4440 4696 msedge.exe 84 PID 4696 wrote to memory of 4972 4696 msedge.exe 85 PID 4696 wrote to memory of 4972 4696 msedge.exe 85 PID 4696 wrote to memory of 1188 4696 msedge.exe 86 PID 4696 wrote to memory of 1188 4696 msedge.exe 86 PID 4696 wrote to memory of 1188 4696 msedge.exe 86 PID 4696 wrote to memory of 1188 4696 msedge.exe 86 PID 4696 wrote to memory of 1188 4696 msedge.exe 86 PID 4696 wrote to memory of 1188 4696 msedge.exe 86 PID 4696 wrote to memory of 1188 4696 msedge.exe 86 PID 4696 wrote to memory of 1188 4696 msedge.exe 86 PID 4696 wrote to memory of 1188 4696 msedge.exe 86 PID 4696 wrote to memory of 1188 4696 msedge.exe 86 PID 4696 wrote to memory of 1188 4696 msedge.exe 86 PID 4696 wrote to memory of 1188 4696 msedge.exe 86 PID 4696 wrote to memory of 1188 4696 msedge.exe 86 PID 4696 wrote to memory of 1188 4696 msedge.exe 86 PID 4696 wrote to memory of 1188 4696 msedge.exe 86 PID 4696 wrote to memory of 1188 4696 msedge.exe 86 PID 4696 wrote to memory of 1188 4696 msedge.exe 86 PID 4696 wrote to memory of 1188 4696 msedge.exe 86 PID 4696 wrote to memory of 1188 4696 msedge.exe 86 PID 4696 wrote to memory of 1188 4696 msedge.exe 86
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4165212bba40c395f58528b52309bf38_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID: 4696
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff95bb446f8,0x7ff95bb44708,0x7ff95bb44718
      PID: 4836
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,15591114298819525958,12352813864390590060,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
      PID: 4440
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,15591114298819525958,12352813864390590060,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses
      PID: 4972
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,15591114298819525958,12352813864390590060,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
      PID: 1188
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15591114298819525958,12352813864390590060,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
      PID: 348
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15591114298819525958,12352813864390590060,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
      PID: 1820
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15591114298819525958,12352813864390590060,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
      PID: 1032
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,15591114298819525958,12352813864390590060,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1892 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses
      PID: 576
C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3824
C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2640
Network
MITRE ATT&CK Enterprise v15
Downloads