Analysis
- max time kernel: 147s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 08/04/2024, 23:35
Tasks
- Static task: static1
- Behavioral task: behavioral1
  Sample: e8b2a5d66a5c109981fb5ff88e728e71_JaffaCakes118.html
  Resource: win7-20240215-en
- Behavioral task: behavioral2
  Sample: e8b2a5d66a5c109981fb5ff88e728e71_JaffaCakes118.html
  Resource: win10v2004-20240226-en
General
- Target: e8b2a5d66a5c109981fb5ff88e728e71_JaffaCakes118.html
- Size: 25KB
- MD5: e8b2a5d66a5c109981fb5ff88e728e71
- SHA1: 2be2b2eba4eb76b2c803046f2e2515b196d80674
- SHA256: 85b285375b1c763399bb34773a7ffc4fa27b57a6033b06ca22b65b7adfa13675
- SHA512: 5c98c2eeb2dad0da679a66fc6a0a5835f3b7db97ca203c002602d1d95d4dd3c80578b9bd9fe90c35cfbc82ead7983a7f13e9e67d71aacf9d81f2fd8f58ac31b9
- SSDEEP: 384:dS3y6DkzTKSbEFr8pqvWXE98eJEFYH83HTY37PvzbDfw0on27J5Ry2WaPtFt9+iD:Opz2a2YEl+
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                     process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid    process               entries
  4844   msedge.exe            2
  2152   msedge.exe            2
  1348   identity_helper.exe   2
  3276   msedge.exe            4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid 2152, msedge.exe (all 7 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid 2152, msedge.exe (all 25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid 2152, msedge.exe (all 24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  All 64 entries are writes by PID 2152 (msedge.exe, the top-level browser process) into four of its own child processes. The procid_target column is the report's internal process index, not a Windows PID.
  target pid   entries   procid_target
  1208         2         85
  2236         40        86
  4844         2         87
  968          20        88

Reading the signatures: every hit is raised by msedge.exe or its own identity_helper.exe child. The four WriteProcessMemory targets (1208, 2236, 4844, 968) are the crashpad-handler, gpu-process, network-service and storage-service children listed under Processes, which is how a Chromium-based browser process sets up each sandboxed child; the process-creation mitigation (NtCreateUserProcessBlockNonMicrosoftBinary) is likewise applied by the browser to its own children. The two BIOS values read (SystemManufacturer, SystemProductName) are the registry values a stock Chromium build queries to obtain the hardware manufacturer and model name, so on their own they are not evidence of VM detection by the HTML file. No process outside the browser's own tree was started by the sample.
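The check a triager actually wants from a WriteProcessMemory signature on a browser is not "did it fire" but "did any write land in a process the writer did not spawn". The following is an added example, not tria.ge code: it parses the flattened IoC text in the shape shown above, joins it against the process tree from the Processes section, and separates writes into a process's own children from writes into foreign processes. The IoC excerpt is constructed from a few of the report's 64 entries, and the final entry (target 2008) does not occur in the report at all; it is included only to exercise the foreign-target branch.

```python
"""Cross-check a sandbox WriteProcessMemory signature against the process tree.

Added illustration for this report, not tria.ge code. A Chromium-based browser
process writes into every child it spawns while setting up the sandbox, so the
interesting question is whether any write targets a process the writer did not
create.
"""
import re
from collections import Counter

# Constructed excerpt of the report's flattened IoC table, same shape as the
# page: "PID <src> wrote to memory of <dst> <src> <image> <procid_target>".
# The last entry (target 2008) is NOT in the report; it is added here only to
# exercise the foreign-target branch.
WRITE_IOCS = (
    "PID 2152 wrote to memory of 1208 2152 msedge.exe 85 "
    "PID 2152 wrote to memory of 1208 2152 msedge.exe 85 "
    "PID 2152 wrote to memory of 2236 2152 msedge.exe 86 "
    "PID 2152 wrote to memory of 4844 2152 msedge.exe 87 "
    "PID 2152 wrote to memory of 968 2152 msedge.exe 88 "
    "PID 2152 wrote to memory of 2008 2152 msedge.exe 99 "
)

# (pid, parent pid, image) as given under "Processes"; depth-1 entries have no
# parent inside the captured tree.
PROCESS_TREE = [
    (2152, None, "msedge.exe"),
    (1208, 2152, "msedge.exe"),          # crashpad-handler
    (2236, 2152, "msedge.exe"),          # gpu-process
    (4844, 2152, "msedge.exe"),          # network service
    (968, 2152, "msedge.exe"),           # storage service
    (1348, 2152, "identity_helper.exe"),
    (2008, None, "CompPkgSrv.exe"),      # COM activation (-Embedding), not a browser child
]

# src pid, dst pid, src pid repeated (backreference), image, report-internal target id
IOC_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \1 (\S+) (\d+)")


def parse_write_iocs(text):
    """Return (src_pid, dst_pid, src_image, procid_target) tuples from the flat text."""
    return [(int(s), int(d), img, int(t)) for s, d, img, t in IOC_RE.findall(text)]


def classify_writes(iocs, tree):
    """Split writes into own-child writes (counted per target) and foreign ones."""
    parent = {pid: ppid for pid, ppid, _ in tree}
    image = {pid: img for pid, _, img in tree}
    own_children = Counter()
    foreign = []
    for src, dst, _img, _tid in iocs:
        if parent.get(dst) == src:
            own_children[dst] += 1
        else:
            foreign.append((src, dst, image.get(dst, "<not in tree>")))
    return own_children, foreign


def verdict(iocs, tree):
    """One-line triage summary; foreign writes are the ones worth a closer look."""
    own, foreign = classify_writes(iocs, tree)
    if not foreign:
        return f"all {sum(own.values())} writes target the writer's own children"
    targets = ", ".join(f"{d} ({img})" for _s, d, img in foreign)
    return f"{len(foreign)} write(s) into processes the writer did not spawn: {targets}"


if __name__ == "__main__":
    parsed = parse_write_iocs(WRITE_IOCS)
    print(verdict(parsed, PROCESS_TREE))        # includes the constructed foreign write
    print(verdict(parsed[:-1], PROCESS_TREE))   # the report's own entries only
```

Feeding the full 64-entry table from the report through the same functions yields only own-child writes; a real injection would show up as a target whose parent is not the writing PID, or a target missing from the tree entirely.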
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\e8b2a5d66a5c109981fb5ff88e728e71_JaffaCakes118.html
  PID: 2152
  signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffda20746f8,0x7ffda2074708,0x7ffda2074718
    PID: 1208
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,2000492322196315538,7708503414486711325,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
    PID: 2236
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,2000492322196315538,7708503414486711325,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
    PID: 4844
    signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,2000492322196315538,7708503414486711325,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
    PID: 968
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,2000492322196315538,7708503414486711325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
    PID: 4864
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,2000492322196315538,7708503414486711325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
    PID: 2956
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,2000492322196315538,7708503414486711325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
    PID: 1660
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,2000492322196315538,7708503414486711325,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
    PID: 560
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,2000492322196315538,7708503414486711325,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
    PID: 1348
    signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,2000492322196315538,7708503414486711325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
    PID: 1444
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,2000492322196315538,7708503414486711325,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
    PID: 3184
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,2000492322196315538,7708503414486711325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
    PID: 3128
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,2000492322196315538,7708503414486711325,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
    PID: 1540
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,2000492322196315538,7708503414486711325,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4872 /prefetch:2
    PID: 3276
    signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe
  cmdline: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2008
- C:\Windows\System32\CompPkgSrv.exe
  cmdline: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4416

Indentation follows the depth markers in the report: everything under PID 2152 is a child of the browser process. The second gpu-process (PID 3276) is the relaunch after the first one (PID 2236) ran with the GPU sandbox enabled; it carries --disable-gpu-sandbox and --use-gl=disabled. The two CompPkgSrv.exe instances sit at top level with -Embedding, i.e. they were activated through COM by the system and are not children of the browser or of the sample.
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: e494d16e4b331d7fc483b3ae3b2e0973
  SHA1: d13ca61b6404902b716f7b02f0070dec7f36edbf
  SHA256: a43f82254638f7e05d1fea29e83545642f163a7a852f567fb2e94f0634347165
  SHA512: 016b0ed886b33d010c84ca080d74fa343da110db696655c94b71a4cb8eb8284748dd83e06d0891a6e1e859832b0f1d07748b11d4d1a4576bbe1bee359e218737
- Filesize: 152B
  MD5: 0764f5481d3c05f5d391a36463484b49
  SHA1: 2c96194f04e768ac9d7134bc242808e4d8aeb149
  SHA256: cc773d1928f4a87e10944d153c23a7b20222b6795c9a0a09b81a94c1bd026ac3
  SHA512: a39e4cb7064fdd7393ffe7bb3a5e672b1bdc14d878cac1c5c9ceb97787454c5a4e7f9ae0020c6d524920caf7eadc9d49e10bee8799d73ee4e8febe7e51e22224
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 96B
  MD5: e6cdd5f06591231263b133cbe2dfca18
  SHA1: ca0002ea47030b2750bafd20e9fc66441b0295bb
  SHA256: 97599db427dc9a37d6a5ec85ef487f72075b1c91a9b85e151ff75de04bdf2cb4
  SHA512: 3e4c3db8370e561ff600d5acdd096c34a1dcac3be2c2ccf23a0bb0a1fd1b10b1d6c333d9a8916d05aeea12cc9540178abdfae795b2ba7ec0ee81ef6a855dc2fd
- Filesize: 533B
  MD5: a474b4e3a678fcae4ccac13d763318a4
  SHA1: 866171325ae694015bf8806beab741167db1f2cb
  SHA256: 69feeda5090ddbb503c6893f9ef3f92585b7a71a656aa6a33c45dd1b81c08da4
  SHA512: 61d7088694c6642928eac7ed20d423e63e5d80e2ce04c44e7516cd59ddf665f0f6ddc52555bd614f198996a73aceddb5f27d70a095d5e412a84840489d280b2d
- Filesize: 6KB
  MD5: ca93dbf2a50f2d55ea30225274308f58
  SHA1: 6c1b385ef2eebec7adfa1de04012ce4bbd381c4b
  SHA256: 70f4dd4664c7b57778d351d33bcaca7db0a3563ec04492eeb42fb0b103a38872
  SHA512: 5a78038937edff92a6961a921fa5f2a72fe22d9353bfeec3e9cdfa1a591e67f9e8a3e96763909075d769b407ac18bab9fd054d533ba58e7da90c8b283c71ae20
- Filesize: 6KB
  MD5: e2333d3c16a1477104d19e0551937d72
  SHA1: 7ad7159e1185968414e446e9eff2ab8779b641e2
  SHA256: bed6bccb7b51961a923d4c7c61b91de52755c41d910e7bd35253c4395ba95898
  SHA512: f0b12f78df95cb8ae2a2c98edc2e3dbeb5dd87b20ee47b21e19a2c47641859b6d3387546d080876af4be1357d84b433d2a8e1a5058e15a382c9501f8fd8f606f
- Filesize: 6KB
  MD5: f91f6f6b3b07af15976128560219533b
  SHA1: e3e604ad6e3a034679aec8cfe856bee051c17d62
  SHA256: 4446cd7dcd4174834a6e5eaa36ca30200b0a2b3665282de8a9cc5a0cec50d0d8
  SHA512: 619d954d7512340be43a5a09823802c735278b0149d7f6df66cb25cc8f80501cbddad85278971275273c18a40281ce4a036f7417c9150a29137b301d907d1044
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: 4c6b5f53c9c32b1661416a522b529e29
  SHA1: b40f6190f2888cd15808686718049cbfec62620a
  SHA256: ffb5e30b49c8a08cfaf783ab8c246af24564c612c2b6a9c3c3a8b174133b6c01
  SHA512: 8b3e7dfec06e4bc93a3d4d489a66e2f8e7dbe86897fdfae9e7af1fdb315cb597a03bb869d972d864345df6a34af9f0a07929cfab130faf1c4e74ea8530a5ee02