Analysis
  max time kernel:  145s
  max time network: 145s
  platform:         windows10-2004_x64
  resource:         win10v2004-20241007-en
  resource tags:    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  submitted:        18/10/2024, 10:01
Static task: static1
Behavioral task: behavioral1
  Sample:   56d1914d48456b7d7c4fc17a5f51d5d2_JaffaCakes118.html
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample:   56d1914d48456b7d7c4fc17a5f51d5d2_JaffaCakes118.html
  Resource: win10v2004-20241007-en
General
  Target: 56d1914d48456b7d7c4fc17a5f51d5d2_JaffaCakes118.html
  Size:   11KB
  MD5:    56d1914d48456b7d7c4fc17a5f51d5d2
  SHA1:   984c844579c10128ba2303199cc154df9621c485
  SHA256: a8ee13db4428a15a608bd0f20c83851e4b47217a823fe7b302f7677cfc7dfbcc
  SHA512: d1e90f89e062e68eaf6f47a929b76dabba2bd3ad00c881f28be6966ed30f68f88ef5ffb1110da4d6751998495953db902da8703d23f5848ebeecf8feae7813af
  SSDEEP: 192:2VFlIsr03MN8k/w1wvqy/B5AnRvpXkf01fRLOXuBuLbdU8d:sFlIcuMv/gc/B5AnRvpXkf0ZLOXguLZ
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
    description        ioc                                                                   Process
    Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
    Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
    Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
    pid   Process
    2044  msedge.exe
    2044  msedge.exe
    4200  msedge.exe
    4200  msedge.exe
    1396  msedge.exe
    1396  msedge.exe
    1396  msedge.exe
    1396  msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
    pid   Process
    4200  msedge.exe   (3 identical entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
    pid   Process
    4200  msedge.exe   (25 identical entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
    pid   Process
    4200  msedge.exe   (24 identical entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
    description                       pid   Process     procid_target
    PID 4200 wrote to memory of 1384  4200  msedge.exe  84
    PID 4200 wrote to memory of 4556  4200  msedge.exe  85
    PID 4200 wrote to memory of 2044  4200  msedge.exe  86
    PID 4200 wrote to memory of 4764  4200  msedge.exe  87
    (each row is repeated in the original report; 64 entries in total, all written by PID 4200)
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\56d1914d48456b7d7c4fc17a5f51d5d2_JaffaCakes118.html
  PID: 4200
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa202f46f8,0x7ffa202f4708,0x7ffa202f4718
    PID: 1384
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,8423488142484571881,2216844794002056040,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
    PID: 4556
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,8423488142484571881,2216844794002056040,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
    PID: 2044
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,8423488142484571881,2216844794002056040,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2148 /prefetch:8
    PID: 4764
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8423488142484571881,2216844794002056040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
    PID: 2608
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8423488142484571881,2216844794002056040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
    PID: 1976
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8423488142484571881,2216844794002056040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
    PID: 1172
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,8423488142484571881,2216844794002056040,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4204 /prefetch:2
    PID: 1396
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2600
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1132
Network
MITRE ATT&CK Enterprise v15
Downloads