Analysis
max time kernel: 145s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 04/12/2024, 23:41
Static task: static1
Behavioral task: behavioral1
  Sample: c4dfb6813bebe06d8852e3ecd08462b7_JaffaCakes118.html
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: c4dfb6813bebe06d8852e3ecd08462b7_JaffaCakes118.html
  Resource: win10v2004-20241007-en
General
Target: c4dfb6813bebe06d8852e3ecd08462b7_JaffaCakes118.html
Size: 157KB
MD5: c4dfb6813bebe06d8852e3ecd08462b7
SHA1: 6881a93be5227fdcbed7899965c4e4bbe3fa0584
SHA256: 8035a2b92023a9087515c7c82fdedb2e7652f0d3b8547b7c793c9e74e735bd27
SHA512: fe40aa4e73b144ff2524d9a92018fd8e09e8adfb2d831c1dd615322a29b9a810c6ff125be535c399b4d95e550d35b9329e1c56ad321f363e30cee60161b0ab88
SSDEEP: 3072:f4x9UcjvG8rMUcXmNRS7vaCCSki0od0Xtir+L82xc4K4vRmrFUkxMmZtdu:f6GXmNRh209YFu
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                    process
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Suspicious behavior: EnumeratesProcesses (8 IoCs)
pid   process
3460  msedge.exe
3460  msedge.exe
5036  msedge.exe
5036  msedge.exe
5040  msedge.exe
5040  msedge.exe
5040  msedge.exe
5040  msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
pid   process
5036  msedge.exe
5036  msedge.exe
Suspicious use of FindShellTrayWindow (25 IoCs, all from PID 5036 msedge.exe)
Suspicious use of SendNotifyMessage (24 IoCs, all from PID 5036 msedge.exe)
Suspicious use of WriteProcessMemory (64 IoCs; PID 5036 msedge.exe wrote to memory of child PIDs 4916, 4252, 3460 and 4872)
Processes
msedge.exe (PID 5036)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\c4dfb6813bebe06d8852e3ecd08462b7_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  msedge.exe (PID 4916)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe4e6546f8,0x7ffe4e654708,0x7ffe4e654718
  msedge.exe (PID 4252)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,3801776807025788365,8209901811457332556,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  msedge.exe (PID 3460)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,3801776807025788365,8209901811457332556,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  msedge.exe (PID 4872)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,3801776807025788365,8209901811457332556,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  msedge.exe (PID 1288)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3801776807025788365,8209901811457332556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  msedge.exe (PID 4376)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3801776807025788365,8209901811457332556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  msedge.exe (PID 5040)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,3801776807025788365,8209901811457332556,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
CompPkgSrv.exe (PID 1604)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
CompPkgSrv.exe (PID 3044)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads