Analysis
- max time kernel: 149s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 14/10/2024, 23:18
Static task: static1
Behavioral task: behavioral1
- Sample: 44abf8dfec7dc9e30ddda693e0258bb8_JaffaCakes118.html
- Resource: win7-20241010-en
Behavioral task: behavioral2
- Sample: 44abf8dfec7dc9e30ddda693e0258bb8_JaffaCakes118.html
- Resource: win10v2004-20241007-en
General
- Target: 44abf8dfec7dc9e30ddda693e0258bb8_JaffaCakes118.html
- Size: 36KB
- MD5: 44abf8dfec7dc9e30ddda693e0258bb8
- SHA1: a53c7a325a3ffaf9eb259533adf2ae265366f45d
- SHA256: 7e3bf626dc5ee62f3294486a91f2076fa7a14ea840ed583de4039fd4b6bd83c4
- SHA512: b1d40fd75aff563a3282e355750d4c153e4c4bc88a5185951ecebecccb618ba642af370ec13b7f89b6a74632c197877f640d3bc47ee470a5107944b66411f4ae
- SSDEEP: 768:SflpRBfJ6i5C0nhagjvzgH483ZzUly2CEWY0:SflLBfJ6i57nhagjv6483ZzUlmEWY0
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process | entries
  3292 | msedge.exe | 2
  768 | msedge.exe | 2
  3116 | identity_helper.exe | 2
  4620 | msedge.exe | 4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid | Process | entries
  768 | msedge.exe | 6
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process | entries
  768 | msedge.exe | 25
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process | entries
  768 | msedge.exe | 24
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target | entries
  PID 768 wrote to memory of 2448 | 768 | msedge.exe | 84 | 2
  PID 768 wrote to memory of 3628 | 768 | msedge.exe | 85 | 40
  PID 768 wrote to memory of 3292 | 768 | msedge.exe | 86 | 2
  PID 768 wrote to memory of 4540 | 768 | msedge.exe | 87 | 20
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\44abf8dfec7dc9e30ddda693e0258bb8_JaffaCakes118.html
  PID: 768
  Signatures:
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
  Children:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd7c1246f8,0x7ffd7c124708,0x7ffd7c124718
    PID: 2448
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,5894945554237106237,7697186334938802259,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
    PID: 3628
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,5894945554237106237,7697186334938802259,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
    PID: 3292
    Signatures:
      - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,5894945554237106237,7697186334938802259,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
    PID: 4540
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5894945554237106237,7697186334938802259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
    PID: 4576
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5894945554237106237,7697186334938802259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
    PID: 880
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,5894945554237106237,7697186334938802259,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
    PID: 2680
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,5894945554237106237,7697186334938802259,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
    PID: 3116
    Signatures:
      - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5894945554237106237,7697186334938802259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
    PID: 1544
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5894945554237106237,7697186334938802259,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
    PID: 2932
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5894945554237106237,7697186334938802259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1
    PID: 380
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5894945554237106237,7697186334938802259,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
    PID: 4708
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,5894945554237106237,7697186334938802259,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
    PID: 4620
    Signatures:
      - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 624
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4724
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 99afa4934d1e3c56bbce114b356e8a99
  SHA1: 3f0e7a1a28d9d9c06b6663df5d83a65c84d52581
  SHA256: 08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8
  SHA512: 76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da
- Filesize: 152B
  MD5: 443a627d539ca4eab732bad0cbe7332b
  SHA1: 86b18b906a1acd2a22f4b2c78ac3564c394a9569
  SHA256: 1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9
  SHA512: 923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d
- Filesize: 1KB
  MD5: 5efcfd22c27429b84aec90acc78f260c
  SHA1: 2b5f3ab80718e9d7fdfd04c1d0c6f5ac78388a79
  SHA256: 8733a60f736a8a1b8683522a912cd52967d84d5c1e2639d6ef70fb6e6c58447a
  SHA512: e0c01bdf5dc3902c6aea6c3a4fc7dfab63a0b1584d79000684403aa1a1b5844f7cc4122f333396a2806cbdb14f5494a5ac9e4aa4fe3540ce3a83a4f268a1778d
- Filesize: 6KB
  MD5: 5de8a312f0b976080929ea7195bf42cf
  SHA1: 8c7f5c07304ea6aeb555786b19849a58a0f37cb3
  SHA256: b6b2ed2a19eddea016c957e72f71d387a35e1f9c39bc60046e5cb495c43a3284
  SHA512: 9da950591718f9b18dd7f65c03fbf234f549297cb895fc8cc42319adc5ee34a2dcb640cfef38e556d7d1aa9291511a904259c2db3568d1f1098e70f01e199055
- Filesize: 6KB
  MD5: a8f358f25ab8456e878114efbeefde4a
  SHA1: cadfa7ec4f9213826803fb972dccec7920cf5cc6
  SHA256: 03f0588351081a0563aff7300b243866db1591d4776f771af56852e694794e0d
  SHA512: 5c3505eb93b09e58e85ecae7da0df7ba77e34cf9183e0c10ae9f31f5f9a9fe773c40d975e219e2051d8955d25a69d83da8d48cacf1250bbabc5cdd8d60b65895
- Filesize: 16B
  MD5: 206702161f94c5cd39fadd03f4014d98
  SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
- Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
- Filesize: 10KB
  MD5: 4d714ee92eee5315eec5e16503dd3875
  SHA1: 33f9fa78dc205f20fa5a85c3675bb3c91d730a6c
  SHA256: 0d18e3b7f5732036a6f1942812573ca59b58bc067331c25bd4c7a7c742faa891
  SHA512: 308168975847ff5682bd8089075e17587c0e8bea20b14160f760f48b42cd370afd9262ee13827af5fe9eda7af88bda9fd41991e0e1acd4bcc26df96a0f3196cb